Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1020459
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
Installed an ipa server and ran sslscan from a client, it lists rsa_null_sha as enabled on the directory server port.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15-14.el6_4.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install ipa
2. Check the supported ciphers on ldaps (or startTLS).
3.

Actual results:
rsa_null_sha is enabled by default

Expected results:
NULL-SHA is not enabled by default

Additional info:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0726
attachment 0001-Ticket-47637-rsa_null_sha-should-not-be-enabled-by-d.patch
Steps to reproduce:
[1] Install sslscan
[2] Setup a DS instance with SSL/security setup and running
[3] Run sslscan:
sslscan --no-failed 127.0.0.1:636
[4] Check the "Supported Server Cipher(s)" output section, and verify that "rsa_null_sha" is not listed anymore.
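The check in step [4] can be scripted so it fails whenever any NULL-encryption suite is accepted. This is an added example, not part of the ticket or the 389-ds-base project; the function names and sample output are constructed, and the line layout `Accepted <protocol> <n> bits <cipher>` is an assumption about sslscan's text output that should be confirmed against the installed version.

```shell
#!/bin/sh
# Added example: flag NULL-encryption suites in sslscan text output.
# sslscan reports OpenSSL suite names, so rsa_null_sha shows up as NULL-SHA.
# Assumed line layout (confirm against your sslscan version):
#   Accepted  TLSv1  0 bits    NULL-SHA

# find_null_ciphers: read sslscan output on stdin and print
# "<protocol> <cipher>" for every accepted suite with no encryption.
find_null_ciphers() {
    awk '
        ($1 == "Accepted" || $1 == "Preferred") && $4 == "bits" {
            proto = $2; bits = $3; cipher = $5
            # A 0-bit key or a NULL cipher name both mean integrity-only traffic.
            if (bits == 0 || toupper(cipher) ~ /NULL/) print proto, cipher
        }'
}

# check_scan: return 0 when no NULL suite is accepted, 1 otherwise.
check_scan() {
    found=$(find_null_ciphers)
    if [ -n "$found" ]; then
        printf 'NULL cipher suites accepted:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample output (not captured from a real server).
sample_before() {
cat <<'EOF'
  Supported Server Cipher(s):
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  0 bits    NULL-SHA
EOF
}
sample_after() {
cat <<'EOF'
  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
EOF
}

# Live use: sslscan --no-failed 127.0.0.1:636 | check_scan
```

Matching on both the bit count and the suite name catches other NULL suites (for example a NULL-MD5 variant) and not just the one named in this ticket.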
git merge ticket47637
Updating d4e13f5..82b12c9
Fast-forward
 ldap/servers/slapd/ssl.c | 15 +++++++++++----
 1 files changed, 11 insertions(+), 4 deletions(-)

git push origin master
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 883 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d4e13f5..82b12c9  master -> master

commit 82b12c9
Author: Mark Reynolds mreynolds@redhat.com
Date: Thu Mar 6 11:07:24 2014 -0500
1.3.2
git push origin 389-ds-base-1.3.2
   d116cca..5825292  389-ds-base-1.3.2 -> 389-ds-base-1.3.2

1.3.1
git push origin 389-ds-base-1.3.1
   4499922..86fbd5a  389-ds-base-1.3.1 -> 389-ds-base-1.3.1

1.3.0
git push origin 389-ds-base-1.3.0
   dad08c1..58e5152  389-ds-base-1.3.0 -> 389-ds-base-1.3.0

1.2.11
git push origin 389-ds-base-1.2.11
   096d895..6a24433  389-ds-base-1.2.11 -> 389-ds-base-1.2.11
Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.3 - 3/14 (March)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/974
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)