diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-11-25 08:12:53 +0000 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-11-25 12:44:13 +0100 |
commit | bef1d18878118aea379659bb10d78c1e955b0b63 (patch) | |
tree | ccd5fb9c0cc2c5e5217ab444fede42a0e5e10b0a /ipaserver | |
parent | ed3dddab870563b398400b05af3d945e8fc2ec9d (diff) | |
download | freeipa-bef1d18878118aea379659bb10d78c1e955b0b63.tar.gz freeipa-bef1d18878118aea379659bb10d78c1e955b0b63.tar.xz freeipa-bef1d18878118aea379659bb10d78c1e955b0b63.zip |
Add TLS 1.2 to the protocol list in mod_nss config
https://fedorahosted.org/freeipa/ticket/4653
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/httpinstance.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 14efa5b93..f9e020039 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -115,7 +115,8 @@ class HTTPInstance(service.Service): self.step("setting mod_nss port to 443", self.__set_mod_nss_port) - self.step("setting mod_nss protocol list to TLSv1.0 and TLSv1.1", self.__set_mod_nss_protocol) + self.step("setting mod_nss protocol list to TLSv1.0 - TLSv1.2", + self.set_mod_nss_protocol) self.step("setting mod_nss password file", self.__set_mod_nss_passwordfile) self.step("enabling mod_nss renegotiate", self.enable_mod_nss_renegotiate) self.step("adding URL rewriting rules", self.__add_include) @@ -205,8 +206,8 @@ class HTTPInstance(service.Service): def __set_mod_nss_nickname(self, nickname): installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', nickname) - def __set_mod_nss_protocol(self): - installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1', False) + def set_mod_nss_protocol(self): + installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1,TLSv1.2', False) def enable_mod_nss_renegotiate(self): installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRenegotiation', 'on', False) |