e-smith-ldap/sme10/e-smith-ldap-5.6.0-bz10936-TLS-and-ciphers.patch

diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl
--- e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl    1969-12-31 19:00:00.000000000 -0500
+++ e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl        2020-05-02 22:48:23.524000000 -0400
@@ -0,0 +1,7 @@
+{
+
+       #this has been replaced by TLSProtocolMin with new default
+       $DB->get_prop_and_delete('ldap', 'SSLv3');
+
+
+}
diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
--- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls     2020-05-02 22:09:29.239000000 -0400
+++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:25:24.714000000 -0400
@@ -1,6 +1,16 @@
 
-TLSCipherSuite         { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
-TLSProtocolMin         { ($ldap{SSLv3} || 'disabled') eq 'enabled' ? '3.0' : '3.1' }
+TLSCipherSuite         { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
+TLSProtocolMin         { my $TLSProtocolMin = $ldap{TLSProtocolMin} || 'TLSv1.2';
+if ( $TLSProtocolMin eq 'SSLv3' ){
+        $OUT = " 3.0";
+} elsif ( $TLSProtocolMin eq 'TLSv1.0' || $TLSProtocolMin eq 'TLSv1' ){
+        $OUT = " 3.1";
+} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
+        $OUT = " 3.2";
+} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
+        $OUT = " 3.3";
+}
+}
 TLSCACertificateFile   /var/service/ldap/ssl/slapd.pem
 TLSCertificateFile     /var/service/ldap/ssl/slapd.pem
 TLSCertificateKeyFile  /var/service/ldap/ssl/slapd.pem
1	diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl
2	--- e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl 1969-12-31 19:00:00.000000000 -0500
3	+++ e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl 2020-05-02 22:48:23.524000000 -0400
4	@@ -0,0 +1,7 @@
5	+{
6	+
7	+ #this has been replaced by TLSProtocolMin with new default
8	+ $DB->get_prop_and_delete('ldap', 'SSLv3');
9	+
10	+
11	+}
12	diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
13	--- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:09:29.239000000 -0400
14	+++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:25:24.714000000 -0400
15	@@ -1,6 +1,16 @@
16
17	-TLSCipherSuite { $ldap{CipherSuite} \|\| $modSSL{CipherSuite} \|\| 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
18	-TLSProtocolMin { ($ldap{SSLv3} \|\| 'disabled') eq 'enabled' ? '3.0' : '3.1' }
19	+TLSCipherSuite { $ldap{CipherSuite} \|\| $modSSL{CipherSuite} \|\| 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
20	+TLSProtocolMin { my $TLSProtocolMin = $ldap{TLSProtocolMin} \|\| 'TLSv1.2';
21	+if ( $TLSProtocolMin eq 'SSLv3' ){
22	+ $OUT = " 3.0";
23	+} elsif ( $TLSProtocolMin eq 'TLSv1.0' \|\| $TLSProtocolMin eq 'TLSv1' ){
24	+ $OUT = " 3.1";
25	+} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
26	+ $OUT = " 3.2";
27	+} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
28	+ $OUT = " 3.3";
29	+}
30	+}
31	TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
32	TLSCertificateFile /var/service/ldap/ssl/slapd.pem
33	TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem