[389-devel] please review: [389 Project] #47928: Disable SSL v3, by default.

https://fedorahosted.org/389/ticket/47928

https://fedorahosted.org/389/attachment/ticket/47928/0001-Ticket-47928-Disable-SSL-v3-by-default.3.patch
git patch file (master) -- Changing the default SSL Version Min value from TLS 1.1 to TLS 1.0.

On 11/13/2014 12:22 PM, 389 Project wrote:
Comment (by nhosoi):

  Description:
  Changing the default SSL Version Min value from TLS 1.1 to TLS 1.0.
  In dn: cn=encryption,cn=config,
  0) Setting no SSL version attrs (using defaults); supported max is TLS1.2
     ==>
     SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2

  1) Setting old/new SSL version attrs; no conflict; supported max is TLS1.2
     sslVersionMin: TLS1.0
     sslVersionMax: TLS1.3
     nsSSL3: off
     nsTLS1: on
     ==>
     SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2

  2) Setting new SSL version attrs; supported max is TLS1.2
     sslVersionMin: TLS1.0
     sslVersionMax: TLS1.3
     ==>
     SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2

  3) Setting old/new SSL version attrs; conflict (new min is stricter); supported max is TLS1.2
     nsSSL3: on
     sslVersionMin: TLS1.0
     ==>
     SSL alert: Found unsecure configuration: nsSSL3: on; We strongly recommend to disable nsSSL3 in cn=encryption,cn=config.
     SSL alert: Configured range: min: TLS1.0, max: TLS1.2; but both nsSSL3 and nsTLS1 are on. Respect the supported range.
     SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2

  4) Setting old/new SSL version attrs; conflict (old min is stricter); supported max is TLS1.2
     nsSSL3: off
     sslVersionMin: SSL3
     sslVersionMax: SSL3
     ==>
     SSL alert: nsTLS1 is on, but the version range is lower than "TLS1.0"; Configuring the version range as default min: TLS1.0, max: TLS1.2.
     SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2

  5) Setting old/new SSL version attrs; no conflict; setting SSL3
     nsSSL3: on
     nsTLS1: off
     sslVersionMin: SSL3
     sslVersionMax: SSL3
     ==>
     SSL alert: Found unsecure configuration: nsSSL3: on; We strongly recommend to disable nsSSL3 in cn=encryption,cn=config.
     SSL alert: Too low configured range: min: SSL3, max: SSL3; We strongly recommend to set sslVersionMin higher than TLS1.0.
     SSL Initialization - Configured SSL version range: min: SSL3, max: SSL3


--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
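
The six cases in the message above, expressed as a small model for auditing a `cn=encryption,cn=config` entry. This is an added example, not code from the patch or the 389 project: `resolve`, `allows_ssl3`, the attribute defaults, and the behaviour for combinations the message does not list are assumptions fitted to the listed outcomes.

```python
# Added illustration: a model fitted to the six cases in the message above.
# It is not the 389 Directory Server code; unlisted combinations are assumptions.
ORDER = ["SSL3", "TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]
SUPPORTED_MAX = "TLS1.2"   # "supported max is TLS1.2" in every listed case
DEFAULT_MIN = "TLS1.0"     # default minimum shown in case 0


def rank(version):
    """Position of a version name in ORDER (higher is newer)."""
    return ORDER.index(version)


def resolve(attrs):
    """Return (min, max, warnings) for a dict of cn=encryption,cn=config attrs."""
    ssl3 = attrs.get("nsSSL3", "off").lower() == "on"   # assumed default: off
    tls1 = attrs.get("nsTLS1", "on").lower() == "on"    # assumed default: on
    vmin = attrs.get("sslVersionMin", DEFAULT_MIN)
    vmax = attrs.get("sslVersionMax", SUPPORTED_MAX)
    warnings = []

    # Cases 1 and 2: a max above the supported max is clamped to it.
    if rank(vmax) > rank(SUPPORTED_MAX):
        vmax = SUPPORTED_MAX
    if ssl3:
        warnings.append("nsSSL3 is on")                  # cases 3 and 5
    # Case 4: nsTLS1 is on but the whole range sits below TLS1.0 -> defaults.
    if tls1 and rank(vmax) < rank("TLS1.0"):
        warnings.append("range below TLS1.0 while nsTLS1 is on; using defaults")
        vmin, vmax = DEFAULT_MIN, SUPPORTED_MAX
    # Case 3: old switches would allow SSL3, the new range does not; range wins.
    elif ssl3 and tls1 and rank(vmin) >= rank("TLS1.0"):
        warnings.append("nsSSL3 and nsTLS1 both on; range is respected")
    # Case 5: SSL3 really is inside the effective range.
    if rank(vmin) < rank("TLS1.0"):
        warnings.append("configured range too low")
    return vmin, vmax, warnings


def allows_ssl3(attrs):
    """Audit finding: True when the effective range still admits SSLv3."""
    return resolve(attrs)[0] == "SSL3"
```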




