|
 |
7c7f29 |
From e39b61ea17ae2cecbadee304678f6506d228c504 Mon Sep 17 00:00:00 2001
|
|
|
7c7f29 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
7c7f29 |
Date: Thu, 7 Jul 2016 14:53:48 -0400
|
|
|
7c7f29 |
Subject: [PATCH 0/3] Ticket 48743 - If a cipher is disabled do not attempt to
|
|
|
7c7f29 |
look it up
|
|
|
7c7f29 |
|
|
|
7c7f29 |
Description: Even if a SSL cipher is disabled the server still attempts
|
|
|
7c7f29 |
to locate the cipher in the security library. If the disabled
|
|
|
7c7f29 |
cipher is unknown it logs a warning at server startup, but
|
|
|
7c7f29 |
if it's disabled there is no reason to check if it exists.
|
|
|
7c7f29 |
|
|
|
7c7f29 |
https://fedorahosted.org/389/ticket/48743
|
|
|
7c7f29 |
|
|
|
7c7f29 |
Reviewed by: nhosoi(Thanks!)
|
|
|
7c7f29 |
|
|
|
7c7f29 |
(cherry picked from commit 6b61e05e04661312871c0b1c6121901d786d54c3)
|
|
|
7c7f29 |
---
|
|
|
7c7f29 |
ldap/servers/slapd/ssl.c | 2 +-
|
|
|
7c7f29 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
7c7f29 |
|
|
|
7c7f29 |
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
|
|
|
7c7f29 |
index 12a0360..b176460 100644
|
|
|
7c7f29 |
--- a/ldap/servers/slapd/ssl.c
|
|
|
7c7f29 |
+++ b/ldap/servers/slapd/ssl.c
|
|
|
7c7f29 |
@@ -749,7 +749,7 @@ _conf_setciphers(char *ciphers, int flags)
|
|
|
7c7f29 |
if (lookup) { /* lookup with old cipher name and get NSS cipherSuiteName */
|
|
|
7c7f29 |
for (i = 0; _lookup_cipher[i].alias; i++) {
|
|
|
7c7f29 |
if (!PL_strcasecmp(ciphers, _lookup_cipher[i].alias)) {
|
|
|
7c7f29 |
- if (!_lookup_cipher[i].name[0]) {
|
|
|
7c7f29 |
+ if (enabled && !_lookup_cipher[i].name[0]) {
|
|
|
7c7f29 |
slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d. Ignoring %s",
|
|
|
7c7f29 |
ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
|
|
|
7c7f29 |
continue;
|
|
|
7c7f29 |
--
|
|
|
7c7f29 |
2.4.11
|
|
|
7c7f29 |
|