a5b6f72 Use only TLS 1.2 by default

3 files. Authored by cheimes 4 years ago, committed by frenaud 4 years ago.
    Use only TLS 1.2 by default
    
    TLS 1.3 is causing some trouble with client cert authentication.
    Conditional client cert authentication requires post-handshake
    authentication extension on TLS 1.3. The new feature is not fully
    implemented yet.
    
    TLS 1.0 and 1.1 are no longer state of the art and now disabled by
    default.
    
    TLS 1.2 works everywhere and supports PFS.
    
    Related: https://pagure.io/freeipa/issue/7667
    
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
file modified
+3 -3
file modified
+24 -15
file modified
+5 -3