author | Alexander Bokovoy <abokovoy@redhat.com> | 2014-10-21 15:59:04 +0300 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-21 15:54:02 +0200 |
commit | 20761f7fcd86dbfad53af78bce2bd3892dfe8232 (patch) | |
tree | f12101065ed43173942dce41455ac778c51af6ed /ipaserver/install/httpinstance.py | |
parent | 3eec7e1f53f298d752204f6268b8228ebb1ef55e (diff) | |
Default to use TLSv1.0 and TLSv1.1 on the IPA server side
We will only be changing the setting at install time.
For modifying existing configurations please follow instructions
at https://access.redhat.com/solutions/1232413
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r-- | ipaserver/install/httpinstance.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index e34034706..14efa5b93 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -115,6 +115,7 @@ class HTTPInstance(service.Service):
 self.step("setting mod_nss port to 443", self.__set_mod_nss_port)
+ self.step("setting mod_nss protocol list to TLSv1.0 and TLSv1.1", self.__set_mod_nss_protocol)
 self.step("setting mod_nss password file", self.__set_mod_nss_passwordfile)
 self.step("enabling mod_nss renegotiate", self.enable_mod_nss_renegotiate)
 self.step("adding URL rewriting rules", self.__add_include)
@@ -204,6 +205,9 @@ class HTTPInstance(service.Service):
 def __set_mod_nss_nickname(self, nickname):
 installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', nickname)
+ def __set_mod_nss_protocol(self):
+ installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1', False)
+
 def enable_mod_nss_renegotiate(self):
 installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRenegotiation', 'on', False)
 installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False) |
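Review bot: The literal `'TLSv1.0,TLSv1.1'` in `__set_mod_nss_protocol` pins every new install to a maximum of TLS 1.1, so a newer protocol version stays off even where the packaged mod_nss could negotiate it (whether `NSSProtocol` accepts a newer value depends on the mod_nss version, which this page does not show). The method also has no comment saying why the list is set; presumably the point is to keep SSLv3 out, and a line such as `# Restrict mod_nss to TLS only (no SSLv3); extend the list once mod_nss supports newer TLS versions` would record that for the next maintainer. The same list is spelled out a second time in the step label added in the first hunk, so the label and the directive can drift apart; a single module-level constant, e.g. `NSS_PROTOCOLS = 'TLSv1.0,TLSv1.1'`, used for both would avoid that. Both hunks sit inside class HTTPInstance, whose body continues outside the lines shown.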