/[smeserver]/rpms/e-smith-ldap/sme9/e-smith-ldap-5.4.0-strong_encryption.patch
ViewVC logotype

Contents of /rpms/e-smith-ldap/sme9/e-smith-ldap-5.4.0-strong_encryption.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (show annotations) (download)
Thu Feb 23 10:52:44 2017 UTC (7 years, 2 months ago) by vip-ire
Branch: MAIN
CVS Tags: e-smith-ldap-5_4_0-21_el6_sme, HEAD 
* Thu Feb 23 2017 Daniel Berteaud <daniel@firewall-services.com> 5.4.0-21.sme
- Disable SSLv3, but keep the possibility to enable it again [SME: 10113]
- Better default cipher suite, and honor global suite [SME: 10113]
1 diff -Nur e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0_bz10108/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
2 --- e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2013-02-13 16:21:49.000000000 +0100
3 +++ e-smith-ldap-5.6.0_bz10108/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2017-02-23 11:17:10.540389619 +0100
4 @@ -1,5 +1,6 @@
5
6 -TLSCipherSuite HIGH:MEDIUM:+SSLv2
7 +TLSCipherSuite { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
8 +TLSProtocolMin { ($ldap{SSLv3} || 'disabled') eq 'enabled' ? '3.0' : '3.1' }
9 TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
10 TLSCertificateFile /var/service/ldap/ssl/slapd.pem
11 TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed