cgrzemba / 389-ds-base

Forked from 389-ds-base 5 years ago

eff49fc Bug 707015 - Cannot disable SSLv3 and use TLS only

Authored and Committed by rmeggins 12 years ago
    Bug 707015 - Cannot disable SSLv3 and use TLS only
    
    https://bugzilla.redhat.com/show_bug.cgi?id=707015
    Resolves: bug 707015
    Bug Description: Cannot disable SSLv3 and use TLS only
    Reviewed by: nkinder (Thanks!)
    Branch: Directory_Server_8_2_Branch
    Fix Description: We had attributes in the cn=encryption,cn=config entry
    for nsSSL2 and nsSSL3 but they were not being used.  The way it works now
    is this:
    If the nsSSL3 attribute is not present, and modutil -chkfips is disabled,
    SSLv3 will be enabled.
    If the nsSSL3 attribute is not present, and modutil -chkfips is enabled,
    SSLv3 will be disabled.
    If FIPS is enabled, SSLv3 will be disabled.  If the user set nsSSL3 to
    "on" or boolean true, the server will print a warning message to the error
    log and disable SSLv3.
    If FIPS is disabled, and the nsSSL3 attribute is present, and the value
    is "on" or a boolean value that evaluates to true, SSLv3 will be enabled.
    If FIPS is disabled, and the nsSSL3 attribute is present, and the value
    is "off" or a boolean value that evaluates to false, SSLv3 will be disabled.
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: Yes - will need to document this behavior
    (cherry picked from commit 63309e4c86bf30720b8213bd2f486cc19327be62)
    
        
file modified
+61 -12
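
The decision rules in the commit message above, written out as a single function. This is an added example, not code from the 389-ds-base patch: the names `resolve_ssl3` and `ssl3_decision`, the accepted boolean spellings beyond "on" and "off", and the fail-closed handling of unrecognised values are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
/* enabled: SSLv3 on; warn: "on" overridden by FIPS; invalid: unparsable value. */
struct ssl3_decision { int enabled, warn, invalid; };

/* Case-insensitive string equality without relying on POSIX strcasecmp. */
static int ieq(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Assumed boolean spellings; the commit message only names "on" and "off". */
static int parse_bool(const char *s, int *out)
{
    *out = ieq(s, "on") || ieq(s, "true") || ieq(s, "yes") || ieq(s, "1");
    if (*out || ieq(s, "off") || ieq(s, "false") || ieq(s, "no") || ieq(s, "0"))
        return 0;
    return -1;
}

/* nsssl3: nsSSL3 value from cn=encryption,cn=config, NULL if absent.
 * fips: non-zero when FIPS mode is enabled. */
struct ssl3_decision resolve_ssl3(const char *nsssl3, int fips)
{
    struct ssl3_decision d = { 0, 0, 0 };
    int wanted = 0;
    if (nsssl3 != NULL && parse_bool(nsssl3, &wanted) != 0) {
        d.invalid = 1;   /* assumption: fail closed, SSLv3 stays off */
        return d;
    }
    if (fips)            /* FIPS always disables; warn if "on" was requested */
        d.warn = (nsssl3 != NULL && wanted);
    else                 /* attribute absent keeps the old default: enabled */
        d.enabled = (nsssl3 == NULL) ? 1 : wanted;
    return d;
}

int main(void)
{
    const char *vals[] = { NULL, "on", "off", "TRUE", "maybe" };  /* constructed */
    for (int i = 0; i < 10; i++) {
        const char *v = vals[i % 5];
        struct ssl3_decision d = resolve_ssl3(v, i / 5);
        printf("fips=%d nsSSL3=%-6s enabled=%d warn=%d invalid=%d\n",
               i / 5, v ? v : "(none)", d.enabled, d.warn, d.invalid);
    }
    return 0;
}
```

The table it prints makes the two cases worth auditing visible: an absent nsSSL3 attribute outside FIPS mode leaves SSLv3 enabled, and an explicit "on" under FIPS is overridden with a warning.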