Along with "disabling SSLv3" on the Directory Server, PassSync also has to support the newer SSL versions.
Description: Adjusting PassSync to the latest libraries. . NSPR: nspr-win-4.10.6-1 . NSS: nss-win-3.16.2.3-2 . MOZLDAP: ldap-c-sdk-win-6.0.7-7
By default, PassSync uses TLS1.1 and newer SSL versions supported by the NSS. To force to enable SSLv3.0, an environment variable LDAPSSL_ALLOW_OLD_SSL_VERSION has to be set with some non NULL value in Computer | Properties | Advanced system settings | Environment Variables | System variables, add variable: LDAPSSL_ALLOW_OLD_SSL_VERSION value: 1 It will allow PassSync with this patch to connect to the server that runs only accept SSLv3.0. [...] conn=17 SSL3 128-bit AES
please make sure to test upgrade
Replying to [comment:2 rmeggins]:
Thank you, Rich! I installed passsync-win-1.1.5-7 and upgraded to this version (I haven't done it, but I should bump the version number to 1.1.6...) and verified it was successfully upgraded.
git patch file (master) -- bumped the version to 1.1.6 0001-Ticket-47987-Support-TLS1.1-and-newer-SSL-versions.patch
Reviewed by Rich (Thank you!!)
Pushed to master: c7052e6..012c6ec master -> master commit 012c6ecea3f9670217014ad0e83941eaa683042d
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1184185
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.3.3 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1318
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.