Before FreeIPA is able to support TLS 1.3 for the web interface, we need
I successfully tested python-nss and Firefox nightly against mod_nss with custom builds of NSS, mod_nss and python-nss. The builds are available in my personal COPR https://copr.fedorainfracloud.org/coprs/cheimes/nss/ .
We might have to disable secure renegotiations and set {{{NSSRequireSafeNegotiation off}}}, see https://bugzilla.redhat.com/show_bug.cgi?id=1423401
Metadata Update from @cheimes: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Metadata Update from @pvoborni: - Custom field affects_doc reset - Custom field tester adjusted to wanted - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.7 (was: 0.0 NEEDS_TRIAGE)
I'm closing the bug as duplicate. FreeIPA is moving from mod_nss to mod_ssl. The mod_ssl Apache module will take care of TLSv1.3 eventually. The client part is prepared to handle TLSv1.3, e.g. TLS13 cipher suites are configured automatically.
Metadata Update from @cheimes: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.