spichugi / 389-ds-base

Forked from 389-ds-base 6 years ago

17fc03c Ticket #47928 - Disable SSL v3, by default [389-ds-base-1.2.11 only]

Authored and Committed by nhosoi 9 years ago
    Ticket #47928 - Disable SSL v3, by default [389-ds-base-1.2.11 only]
    
    Description:
    [fedse.c]
      By default, nsSSL3 is set to off and nsTLS1 is on in cn=encryption,cn=config.
    [ssl.c]
      Back-ported SSLVersionRange from the master branch, but no new range
      parameter support in the config.  If nsSSL3 is explicitly set to
      on, SSL_LIBRARY_VERSION_3_0 is set to the minimum ssl version.
      Otherwise, SSL_LIBRARY_VERSION_TLS_1_0 becomes the minimum version.
      The max available version is set to the maximum ssl version.
    
      On this version, there is no way to disable TLS1.0 and enable TLS1.1
      and newer.  If nsTLS1 is on, all TLS1.X are enabled.
    
    Note: This patch covers Ticket #605 - support TLS 1.1, as well.
    
    https://fedorahosted.org/389/ticket/47928
    
        
file modified
+2 -1
file modified
+134 -16
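
An added example (not part of the commit or of the 389-ds code base): a Python check that reads a `dse.ldif`, finds `cn=encryption,cn=config` and reports the minimum protocol version under the rule stated in the commit message above. The function names and the sample LDIF are constructed for illustration, and base64-encoded (`attr::`) values are not decoded.

```python
import re

ENC_DN = "cn=encryption,cn=config"  # entry named in the commit message

# Constructed sample input (not from a real server); note the folded DN line.
SAMPLE = """dn: cn=config
cn: config

dn: cn=encryption,
 cn=config
cn: encryption
nsSSL3: on
nsTLS1: on
"""

def parse_ldif(text):
    """Split LDIF into entries: dict of lowercase attribute -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def is_on(entry, attr):
    """True only when the attribute is present and explicitly 'on'."""
    values = entry.get(attr.lower(), [])
    return bool(values) and values[-1].lower() == "on"

def audit(ldif_text):
    """Return the SSL/TLS posture of cn=encryption,cn=config, or None if absent."""
    for entry in parse_ldif(ldif_text):
        dn = re.sub(r"\s*,\s*", ",", entry.get("dn", [""])[0].lower())
        if dn != ENC_DN:
            continue
        ssl3, tls1 = is_on(entry, "nsSSL3"), is_on(entry, "nsTLS1")
        findings = []
        if ssl3:
            findings.append("nsSSL3 is on: SSL 3.0 becomes the minimum version")
        if tls1:
            findings.append("nsTLS1 is on: every TLS 1.x version is enabled")
        # Rule from the commit message: SSL3 minimum only when explicitly on.
        return {"nsSSL3": ssl3, "nsTLS1": tls1,
                "min_version": "SSL3.0" if ssl3 else "TLS1.0", "findings": findings}
    return None

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `findings` list containing the nsSSL3 line marks an instance where an administrator has re-enabled SSL 3.0 despite the patched default.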