Update SSL ciphers configured in 389-ds-base

use configuration parameters to enable ciphers provided by NSS and not considered weak. This requires 389-ds version 1.3.3.2 or later https://fedorahosted.org/freeipa/ticket/4395 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
author: Ludwig Krispenz <lkrispen@redhat.com> 2014-09-12 12:43:31 +0200
committer: Martin Kosek <mkosek@redhat.com> 2014-09-12 16:42:09 +0200
commit: ab196220fdd886fc2b1998eeee0f8e9a4b384845 (patch)
tree: 6a66fdaa676cd87d9322e7a4f3f38f215cd19653 /install/updates/20-sslciphers.update
parent: 854bc42913f663dce1f2e0fbb44a670a2812d87c (diff)
download: freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.gz
freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.xz
freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/install/updates/20-sslciphers.update b/install/updates/20-sslciphers.update
new file mode 100644
index 000000000..b0c952f49
--- /dev/null
+++ b/install/updates/20-sslciphers.update
@@ -0,0 +1,6 @@
+# change configured ciphers
+# the result of this update will be that all ciphers
+# provided by NSS which ar not weak will be enabled
+dn: cn=encryption,cn=config
+only:nsSSL3Ciphers: +all
+addifnew:allowWeakCipher: off
author	Ludwig Krispenz <lkrispen@redhat.com>	2014-09-12 12:43:31 +0200
committer	Martin Kosek <mkosek@redhat.com>	2014-09-12 16:42:09 +0200
commit	ab196220fdd886fc2b1998eeee0f8e9a4b384845 (patch)
tree	6a66fdaa676cd87d9322e7a4f3f38f215cd19653 /install/updates/20-sslciphers.update
parent	854bc42913f663dce1f2e0fbb44a670a2812d87c (diff)
download	freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.gz freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.xz freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.zip