#47637 rsa_null_sha should not be enabled by default
Closed: wontfix None Opened 10 years ago by nkinder.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1020459

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem: Installed an ipa server and ran sslscan from a client,
it lists rsa_null_sha enabled on port directory server.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15-14.el6_4.x86_64


How reproducible: Always


Steps to Reproduce:
1. Install ipa
2. Check the supported ciphers on ldaps (or startTLS).

Actual results: rsa_null_sha is enabled by default


Expected results: NULL-SHA is not enabled by default


Additional info: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0726

Steps to reproduce:

[1] Install sslscan
[2] Setup a DS instance with SSL/security setup and running
[3] Run sslscan:

  sslscan --no-failed 127.0.0.1:636

[4] Check the "Supported Server Cipher(s)" output section, and verify that "rsa_null_sha" is not listed anymore.

git merge ticket47637
Updating d4e13f5..82b12c9
Fast-forward
ldap/servers/slapd/ssl.c | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)

git push origin master
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 883 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
d4e13f5..82b12c9 master -> master

commit 82b12c9
Author: Mark Reynolds mreynolds@redhat.com
Date: Thu Mar 6 11:07:24 2014 -0500

1.3.2

git push origin 389-ds-base-1.3.2
d116cca..5825292 389-ds-base-1.3.2 -> 389-ds-base-1.3.2

1.3.1

git push origin 389-ds-base-1.3.1
4499922..86fbd5a 389-ds-base-1.3.1 -> 389-ds-base-1.3.1

1.3.0

git push origin 389-ds-base-1.3.0
dad08c1..58e5152 389-ds-base-1.3.0 -> 389-ds-base-1.3.0

1.2.11

git push origin 389-ds-base-1.2.11
096d895..6a24433 389-ds-base-1.2.11 -> 389-ds-base-1.2.11

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.3 - 3/14 (March)

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/974

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
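
The sslscan verification from the steps to reproduce can be scripted so that it fails when a NULL suite is still offered. This is an added example, not part of the ticket or of 389-ds-base; it assumes sslscan's `Accepted <protocol> <N> bits <cipher>` line layout, the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: flag NULL (no-encryption) cipher suites in sslscan output.
# Assumption: each offered suite appears on a line of the form
#   Accepted  <protocol>  <N> bits  <cipher-name>
# (newer sslscan releases print "Preferred" for the first suite per protocol).
# Usage, with the command from the ticket:
#   sslscan --no-failed 127.0.0.1:636 | check_no_null

# Print "<protocol> <cipher>" for every offered suite that gives no
# encryption: key size 0, or a name containing NULL (OpenSSL lists the
# NSS suite rsa_null_sha as NULL-SHA).
null_ciphers() {
    # sslscan colours its output; strip ANSI escapes before matching.
    sed "s/$(printf '\033')\[[0-9;]*m//g" |
    awk '($1 == "Accepted" || $1 == "Preferred") && $4 == "bits" &&
         ($3 == 0 || toupper($5) ~ /NULL/) { print $2, $5 }'
}

# Return 0 only when the scan on stdin offers no NULL suite.
check_no_null() {
    found=$(null_ciphers)
    if [ -n "$found" ]; then
        printf 'NULL cipher offered: %s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample outputs (not captured from a real server).
# The first includes a coloured 0-bit line, as a terminal run would show.
SAMPLE_BEFORE=$(printf '%s\n' \
    '  Supported Server Cipher(s):' \
    '    Accepted  TLSv1  256 bits  AES256-SHA' \
    '    Accepted  TLSv1  128 bits  AES128-SHA' \
    "    Accepted  TLSv1  $(printf '\033[31m')0 bits$(printf '\033[0m')  NULL-SHA")

SAMPLE_AFTER=$(printf '%s\n' \
    '  Supported Server Cipher(s):' \
    '    Accepted  TLSv1  256 bits  AES256-SHA' \
    '    Accepted  TLSv1  128 bits  AES128-SHA')
```

The non-zero exit status makes the check usable as a gate in a post-install or CI job for both the ldaps port and a startTLS scan.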
