diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2014-10-21 15:59:04 +0300 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-21 15:54:02 +0200 |
commit | c44bdeb7713d4d8b8b74690cc16fd40f48f9c115 (patch) | |
tree | feab1e68ce94c3df8e4805ac3d482489ece773f9 | |
parent | 3ba4b4354c12a99536b43c28ef9a41adf7e3cde5 (diff) | |
download | freeipa-c44bdeb7713d4d8b8b74690cc16fd40f48f9c115.tar.gz freeipa-c44bdeb7713d4d8b8b74690cc16fd40f48f9c115.tar.xz freeipa-c44bdeb7713d4d8b8b74690cc16fd40f48f9c115.zip |
Default to use TLSv1.0 and TLSv1.1 on the IPA server side
We only will be changing the setting on the install.
For modifying existing configurations please follow instructions
at https://access.redhat.com/solutions/1232413
Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r-- | ipaserver/install/httpinstance.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 3ca3bf77f..5805995b6 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -106,6 +106,7 @@ class HTTPInstance(service.Service): self.step("setting mod_nss port to 443", self.__set_mod_nss_port) + self.step("setting mod_nss protocol list to TLSv1.0 and TLSv1.1", self.__set_mod_nss_protocol) self.step("setting mod_nss password file", self.__set_mod_nss_passwordfile) self.step("enabling mod_nss renegotiate", self.enable_mod_nss_renegotiate) self.step("adding URL rewriting rules", self.__add_include) @@ -250,6 +251,9 @@ class HTTPInstance(service.Service): def __set_mod_nss_nickname(self, nickname): installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', nickname) + def __set_mod_nss_protocol(self): + installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSProtocol', 'TLSv1.0,TLSv1.1', False) + def enable_mod_nss_renegotiate(self): installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRenegotiation', 'on', False) installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False) |