diff options
| author | Ludwig Krispenz <lkrispen@redhat.com> | 2014-09-12 12:43:31 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-09-12 16:42:09 +0200 |
| commit | ab196220fdd886fc2b1998eeee0f8e9a4b384845 (patch) | |
| tree | 6a66fdaa676cd87d9322e7a4f3f38f215cd19653 /install/updates | |
| parent | 854bc42913f663dce1f2e0fbb44a670a2812d87c (diff) | |
| download | freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.gz freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.tar.xz freeipa-ab196220fdd886fc2b1998eeee0f8e9a4b384845.zip | |
Update SSL ciphers configured in 389-ds-base
use configuration parameters to enable ciphers provided by NSS
and not considered weak.
This requires 389-ds version 1.3.3.2 or later
https://fedorahosted.org/freeipa/ticket/4395
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Diffstat (limited to 'install/updates')
| -rw-r--r-- | install/updates/20-sslciphers.update | 6 | ||||
| -rw-r--r-- | install/updates/Makefile.am | 1 |
2 files changed, 7 insertions, 0 deletions
diff --git a/install/updates/20-sslciphers.update b/install/updates/20-sslciphers.update new file mode 100644 index 000000000..b0c952f49 --- /dev/null +++ b/install/updates/20-sslciphers.update @@ -0,0 +1,6 @@ +# change configured ciphers +# the result of this update will be that all ciphers +# provided by NSS which ar not weak will be enabled +dn: cn=encryption,cn=config +only:nsSSL3Ciphers: +all +addifnew:allowWeakCipher: off diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 1d912a7d2..026cde049 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -14,6 +14,7 @@ app_DATA = \ 20-indices.update \ 20-nss_ldap.update \ 20-replication.update \ + 20-sslciphers.update \ 20-syncrepl.update \ 20-user_private_groups.update \ 20-winsync_index.update \ |