Ticket #47928 - Disable SSL v3, by default [389-ds-base-1.2.11 only]
Description:
[fedse.c]
By default, nsSSL3 is set to off and nsTLS1 is on in cn=encryption,cn=config.
[ssl.c]
Back-ported SSLVersionRange from the master branch, but no new range
parameter support in the config. If nsSSL3 is explicitely set to
on, SSL_LIBRARY_VERSION_3_0 is set to the minimum ssl version.
Otherwise, SSL_LIBRARY_VERSION_TLS_1_0 becomes the minimum version.
The max available version is set to the maximum ssl version.
On this version, there is no way to disable TLS1.0 and enable TLS1.1
and newer. If nsTLS1 is on, all TLS1.X are enabled.
Note: This patch covers Ticket #605 - support TLS 1.1, as well.
https://fedorahosted.org/389/ticket/47928
(cherry picked from commit 17fc03cf1101135b99234f17efd3eb746626be1a)