freeipa

Clone
Source Code
GIT

ac6f573 Explicitly remove support of SSLv2/3

3 files Authored by stlaz 7 years ago, Committed by mbasti 7 years ago,
raw patch tree parent
3 files changed. 94 lines added. 4 lines removed.
ipalib/config.py
file modified
+25 -2
ipalib/constants.py
file modified
+10 -0
ipapython/nsslib.py
file modified
+59 -2 
    Explicitly remove support of SSLv2/3
    
    It was possible to set tls_version_min/max to 'ssl2' or 'ssl3',
    even though newer versions of NSS will fail to set this as a valid
    TLS version. This patch explicitly checks for deprecated TLS versions
    prior to creating a TLS connection.
    
    Also, we don't allow tls_version_min/max to be set to a random
    string anymore.
    
    https://fedorahosted.org/freeipa/ticket/6607
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
    Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
file modified
+25 -2
file modified
+10 -0
file modified
+59 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.