diff options
author | Ludwig Krispenz <lkrispen@redhat.com> | 2014-09-12 12:43:31 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-12 16:42:09 +0200 |
commit | ab196220fdd886fc2b1998eeee0f8e9a4b384845 (patch) | |
tree | 6a66fdaa676cd87d9322e7a4f3f38f215cd19653 /install/updates/20-sslciphers.update | |
parent | 854bc42913f663dce1f2e0fbb44a670a2812d87c (diff) | |
download | freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.gz freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.xz freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.zip |
Update SSL ciphers configured in 389-ds-base
use configuration parameters to enable ciphers provided by NSS
and not considered weak.
This requires 389-ds version 1.3.3.2 or later
https://fedorahosted.org/freeipa/ticket/4395
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Diffstat (limited to 'install/updates/20-sslciphers.update')
-rw-r--r-- | install/updates/20-sslciphers.update | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/install/updates/20-sslciphers.update b/install/updates/20-sslciphers.update new file mode 100644 index 000000000..b0c952f49 --- /dev/null +++ b/install/updates/20-sslciphers.update @@ -0,0 +1,6 @@ +# change configured ciphers +# the result of this update will be that all ciphers +# provided by NSS which ar not weak will be enabled +dn: cn=encryption,cn=config +only:nsSSL3Ciphers: +all +addifnew:allowWeakCipher: off |