| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Check for Apache user owner/group read permissions of NSS database
* Update default ciphers to something more modern and secure
* Fix test for DH cipher directive
* Check for test and netstat before trying to use them
* Don't ignore NSSProtocol when NSSFIPS is enabled
Based on patch by Matthew Harmsen <mharmsen@redhat.com>
* Use proper shell syntax to avoid creating /0
* tests: Centralize the openssl ciphers flags when comparing
* Basic test case for DHE cipher negotiation
* Remove -DH from test strings, duplicate test, fix test
* Add server support for DHE ciphers.
|
| |
|
|
|
|
|
|
|
|
|
| |
- Drop the check that NSSProxyNickname be required
- Add basic reverse proxy test case
- Don't send SSL alert on SNI lookup failure
- Fail for colons in credentials with FakeBasicAuth
- Always call SSL_ShutdownServerSessionIDCache() in ModuleKill
- Document some python dependencies needed by make check
- Add cipher test for ECDH+aRSA
- Quote gcm and sha384 config values when comparing them
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* Add RenegBufferSize option (#1214366)
* Add support for TLS Session Tickets (RFC 5077)
* Fix logical AND support in OpenSSL cipher compatibility
(CVE-2015-3276)
|
| |
|
|
|
|
|
|
| |
- Add Camelia ciphers
- Remove Fortezza ciphers
- Add TLSv1.2-specific ciphers
Resolves BZ: #862938
|
| |
|
|
|
|
|
|
|
| |
If an NSSCipherSuite is defined in a location or directory then
we re-do the SSL handshake. The cipher list wasn't being initialized
to PR_FALSE so changes are good that all ciphers would be enabled,
not just the ones in the local NSSCipherSuite setting.
Resolves BZ 1165408
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We do a chdir() to the NSS database location so that libnssckbi.so
is available when the database is opened. Strip off a sql: prefix
if one is available. This allows the new sqlite format to work.
Add an additional test pass configuring NSS using the sqlite format.
This requires a bit of a hack to pass in the value to python but
it will work for now.
Resolves: #1057650
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Patch ported from mod_ssl by Stephen Gallagher <sgallagh@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Ignore SIGHUP in nss_pcache (#591889).
Contributed by Joshua Roys <roysjosh@gmail.com>
2010-05-13 Rob Crittenden <rcritten@redhat.com>
* Compare CN value of remote host with requested host in reverse proxy.
* Add configuration option to disable this, defaulting to on. (#591224)
* Based on patch from Joshua Roys <roysjosh@gmail.com
|
| | |
|
| |
|
|
|
|
| |
non-existant file.
Don't require a password file AND NSSPassPhraseHelper. Only
the helper is required.
|
| | |
|
| |
|
