/[smeserver]/rpms/e-smith-ldap/sme9/e-smith-ldap-5.4.0-strong_encryption.patch
ViewVC logotype

Annotation of /rpms/e-smith-ldap/sme9/e-smith-ldap-5.4.0-strong_encryption.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Thu Feb 23 10:52:44 2017 UTC (7 years, 9 months ago) by vip-ire
Branch: MAIN
CVS Tags: e-smith-ldap-5_4_0-21_el6_sme, HEAD
* Thu Feb 23 2017 Daniel Berteaud <daniel@firewall-services.com> 5.4.0-21.sme
- Disable SSLv3, but keep the possibility to enable it again [SME: 10113]
- Better default cipher suite, and honor global suite [SME: 10113]

1 vip-ire 1.1 diff -Nur e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0_bz10108/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
2     --- e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2013-02-13 16:21:49.000000000 +0100
3     +++ e-smith-ldap-5.6.0_bz10108/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2017-02-23 11:17:10.540389619 +0100
4     @@ -1,5 +1,6 @@
5    
6     -TLSCipherSuite HIGH:MEDIUM:+SSLv2
7     +TLSCipherSuite { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
8     +TLSProtocolMin { ($ldap{SSLv3} || 'disabled') eq 'enabled' ? '3.0' : '3.1' }
9     TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
10     TLSCertificateFile /var/service/ldap/ssl/slapd.pem
11     TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed