rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/1011-Disable-TLS-1.2-in-nss.conf-until-mod_nss-supports-i.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   e3ffaba991846b3d30db421b233d97e0de702b6f
  2.   SOURCES
  3.   1011-Disable-TLS-1.2-in-nss.conf-until-mod_nss-supports-i.patch
Blob History Raw
e3ffab 
From e1bac92634c2783b4003d496539810a2d993f71d Mon Sep 17 00:00:00 2001
e3ffab 
From: Jan Cholasta <jcholast@redhat.com>
e3ffab 
Date: Tue, 9 Dec 2014 10:33:20 +0000
e3ffab 
Subject: [PATCH] Disable TLS 1.2 in nss.conf until mod_nss supports it
e3ffab
e3ffab 
---
e3ffab 
 install/tools/ipa-upgradeconfig   | 8 ++++++--
e3ffab 
 ipaserver/install/httpinstance.py | 4 ++--
e3ffab 
 2 files changed, 8 insertions(+), 4 deletions(-)
e3ffab
e3ffab 
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
e3ffab 
index cf85f58c26510fcd105b54126152a50474c869b5..2691f0b0f217793243f7a0813f351c4364e2a951 100755
e3ffab 
--- a/install/tools/ipa-upgradeconfig
e3ffab 
+++ b/install/tools/ipa-upgradeconfig
e3ffab 
@@ -1276,13 +1276,17 @@ def fix_trust_flags():
e3ffab 
 def update_mod_nss_protocol(http):
e3ffab 
     root_logger.info('[Updating mod_nss protocol versions]')
e3ffab
e3ffab 
-    if sysupgrade.get_upgrade_state('nss.conf', 'protocol_updated_tls12'):
e3ffab 
+    if sysupgrade.get_upgrade_state('nss.conf', 'protocol_updated_tls11'):
e3ffab 
         root_logger.info("Protocol versions already updated")
e3ffab 
         return
e3ffab
e3ffab 
     http.set_mod_nss_protocol()
e3ffab
e3ffab 
-    sysupgrade.set_upgrade_state('nss.conf', 'protocol_updated_tls12', True)
e3ffab 
+    sysupgrade.set_upgrade_state('nss.conf', 'protocol_updated_tls11', True)
e3ffab 
+
e3ffab 
+    if sysupgrade.get_upgrade_state('nss.conf', 'protocol_updated_tls12'):
e3ffab 
+        sysupgrade.set_upgrade_state('nss.conf', 'protocol_updated_tls12',
e3ffab 
+                                     False)
e3ffab
e3ffab
e3ffab 
 def main():
e3ffab 
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
e3ffab 
index cda85ab02b8054748e671935fcfbc3993257c53e..13c44abf59dbaf6f4aef1425992fa8ff181a3007 100644
e3ffab 
--- a/ipaserver/install/httpinstance.py
e3ffab 
+++ b/ipaserver/install/httpinstance.py
e3ffab 
@@ -119,7 +119,7 @@ class HTTPInstance(service.Service):
e3ffab
e3ffab
e3ffab 
         self.step("setting mod_nss port to 443", self.__set_mod_nss_port)
e3ffab 
-        self.step("setting mod_nss protocol list to TLSv1.0 - TLSv1.2",
e3ffab 
+        self.step("setting mod_nss protocol list to TLSv1.0 - TLSv1.1",
e3ffab 
                   self.set_mod_nss_protocol)
e3ffab 
         self.step("setting mod_nss password file", self.__set_mod_nss_passwordfile)
e3ffab 
         self.step("enabling mod_nss renegotiate", self.enable_mod_nss_renegotiate)
e3ffab 
@@ -214,7 +214,7 @@ class HTTPInstance(service.Service):
e3ffab 
         installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', nickname)
e3ffab
e3ffab 
     def set_mod_nss_protocol(self):
e3ffab 
-        installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1,TLSv1.2', False)
e3ffab 
+        installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1', False)
e3ffab
e3ffab 
     def enable_mod_nss_renegotiate(self):
e3ffab 
         installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRenegotiation', 'on', False)
e3ffab 
--
e3ffab 
2.1.0
e3ffab

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation