author | Rob Crittenden <rcritten@redhat.com> | 2014-10-30 11:52:14 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2014-11-24 13:09:44 +0000 |
commit | 5c0ad221e815e8c7b95c1d1095ebd6cf18e7e11c (patch) | |
tree | 1a87eeb179772b5be2db9b32474099ac8164bac8 /ipalib/constants.py | |
parent | aa9ecb253a60d9d15cd41c5c38695fe64058669a (diff) | |
Use NSS protocol range API to set available TLS protocols
Protocols are configured as an inclusive range from SSLv3 through
TLSv1.2. The allowed values in the range are ssl3, tls1.0,
tls1.1 and tls1.2.
This is overridable per client by setting tls_version_min and/or
tls_version_max.
https://fedorahosted.org/freeipa/ticket/4653
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/constants.py')
-rw-r--r-- | ipalib/constants.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py index 325414b64..df31a2088 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -122,6 +122,10 @@ DEFAULT_CONFIG = ( ('rpc_protocol', 'jsonrpc'), + # Define an inclusive range of SSL/TLS version support + ('tls_version_min', 'tls1.0'), + ('tls_version_max', 'tls1.2'), + # Time to wait for a service to start, in seconds ('startup_timeout', 300), |
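Review bot: The comment above the new `tls_version_min` / `tls_version_max` entries in `DEFAULT_CONFIG` does not say which strings are accepted. The commit message lists ssl3, tls1.0, tls1.1 and tls1.2, and that list belongs next to the defaults so that anyone overriding them per client can see the valid spellings. The comment should also state that the default range starts at tls1.0, so ssl3 is only negotiated if a client explicitly lowers `tls_version_min`. Since this view is limited to `ipalib/constants.py`, please confirm that the code consuming these two keys rejects an unrecognised value or a minimum above the maximum instead of silently falling back to a wider range.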