e-smith-ldap/sme10/e-smith-ldap-5.6.0-bz10936-TLS-and-ciphers.patch

diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl
--- e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl    1969-12-31 19:00:00.000000000 -0500
+++ e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl        2020-05-02 22:48:23.524000000 -0400
@@ -0,0 +1,7 @@
+{
+
+       #this has been replaced by TLSProtocolMin with new default
+       $DB->get_prop_and_delete('ldap', 'SSLv3');
+
+
+}
diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
--- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls     2020-05-02 22:09:29.239000000 -0400
+++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:25:24.714000000 -0400
@@ -1,6 +1,16 @@
 
-TLSCipherSuite         { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
-TLSProtocolMin         { ($ldap{SSLv3} || 'disabled') eq 'enabled' ? '3.0' : '3.1' }
+TLSCipherSuite         { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
+TLSProtocolMin         { my $TLSProtocolMin = $ldap{TLSProtocolMin} || 'TLSv1.2';
+if ( $TLSProtocolMin eq 'SSLv3' ){
+        $OUT = " 3.0";
+} elsif ( $TLSProtocolMin eq 'TLSv1.0' || $TLSProtocolMin eq 'TLSv1' ){
+        $OUT = " 3.1";
+} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
+        $OUT = " 3.2";
+} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
+        $OUT = " 3.3";
+}
+}
 TLSCACertificateFile   /var/service/ldap/ssl/slapd.pem
 TLSCertificateFile     /var/service/ldap/ssl/slapd.pem
 TLSCertificateKeyFile  /var/service/ldap/ssl/slapd.pem
1	jpp	1.1	diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl
2			--- e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl 1969-12-31 19:00:00.000000000 -0500
3			+++ e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl 2020-05-02 22:48:23.524000000 -0400
4			@@ -0,0 +1,7 @@
5			+{
6			+
7			+ #this has been replaced by TLSProtocolMin with new default
8			+ $DB->get_prop_and_delete('ldap', 'SSLv3');
9			+
10			+
11			+}
12			diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
13			--- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:09:29.239000000 -0400
14			+++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:25:24.714000000 -0400
15			@@ -1,6 +1,16 @@
16
17			-TLSCipherSuite { $ldap{CipherSuite} \|\| $modSSL{CipherSuite} \|\| 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
18			-TLSProtocolMin { ($ldap{SSLv3} \|\| 'disabled') eq 'enabled' ? '3.0' : '3.1' }
19			+TLSCipherSuite { $ldap{CipherSuite} \|\| $modSSL{CipherSuite} \|\| 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
20			+TLSProtocolMin { my $TLSProtocolMin = $ldap{TLSProtocolMin} \|\| 'TLSv1.2';
21			+if ( $TLSProtocolMin eq 'SSLv3' ){
22			+ $OUT = " 3.0";
23			+} elsif ( $TLSProtocolMin eq 'TLSv1.0' \|\| $TLSProtocolMin eq 'TLSv1' ){
24			+ $OUT = " 3.1";
25			+} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
26			+ $OUT = " 3.2";
27			+} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
28			+ $OUT = " 3.3";
29			+}
30			+}
31			TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
32			TLSCertificateFile /var/service/ldap/ssl/slapd.pem
33			TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem