path: root/docs
Commit message | Author | Age | Files | Lines
* Check filesystem permissions on NSS database at startup | Rob Crittenden | 2016-03-01 | 1 | -0/+12
|   See if the configured user has read access to the NSS database
|   during initialization so the server can gracefully shutdown rather
|   than ending up in a forking loop because the database is owned by
|   root and is therefore unreadable once Apache starts forking.
|
|   Adds a new configuration option, NSSSkipPermissionCheck <on/off>,
|   to skip this check in case something goes wrong.
|
|   https://fedorahosted.org/mod_nss/ticket/3
* Add server support for DHE ciphers | Christian Heimes | 2016-02-29 | 1 | -1/+39
|   Similar patch was provided by Vitezslav Cizek <vcizek@suse.com>
|
|   Heavily modified by Rob Crittenden <rcritten@redhat.com>
|
|   https://fedorahosted.org/mod_nss/ticket/15
* Cleanup to remove a slew of trailing whitespace | Rob Crittenden | 2015-10-02 | 1 | -1/+1
|
* Add support for Server Name Indication (SNI) | Rob Crittenden | 2015-10-02 | 1 | -1/+27
|   Uses a hash table to pair up server names and nicknames and a
|   lookup is done during the handshake to determine which nickname
|   to be used, and therefore which VirtualHost.
|
|   Based heavily on patch from Stanislav Tokos <stokos@suse.de>
* Add 'v' to references of protocols (e.g. SSLv3) | Matthew Harmsen | 2015-07-29 | 1 | -7/+8
|   BZ #1066236
* Add support for TLS Session Tickets (RFC 5077) | Rob Crittenden | 2015-06-11 | 1 | -0/+9
|   New server/vhost config option, NSSSessionTickets, to enable or
|   disable TLS Session Tickets support. This is off by default in NSS.
* Add RenegBufferSize option | Rob Crittenden | 2015-06-10 | 1 | -0/+15
|   Control the buffer size used on a POST when SSL renegotiation is
|   being done. The default is 128K.
|
|   Resolves BZ 1214366
* Add compatibility for mod_ssl-style cipher definitions | Rob Crittenden | 2014-12-02 | 1 | -117/+200
|   - Add Camellia ciphers
|   - Remove Fortezza ciphers
|   - Add TLSv1.2-specific ciphers
|
|   Resolves BZ: #862938
* Completely remove support for SSLv2 | Rob Crittenden | 2014-11-12 | 1 | -59/+2
|
* Add support for sqlite NSS databases | Rob Crittenden | 2014-10-28 | 1 | -2/+11
|   We do a chdir() to the NSS database location so that libnssckbi.so
|   is available when the database is opened. Strip off a sql: prefix
|   if one is available. This allows the new sqlite format to work.
|
|   Add an additional test pass configuring NSS using the sqlite
|   format. This requires a bit of a hack to pass in the value to
|   python but it will work for now.
|
|   Resolves: #1057650
* Don't enable SSL 3 by default | Rob Crittenden | 2014-10-16 | 1 | -2/+2
|   This is in response to the POODLE CVE CVE-2014-3566
|
|   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
* Add support for enabling TLS v1.2 | Rob Crittenden | 2014-10-16 | 1 | -48/+49
|   If support is available in NSS then it is just a matter of
|   including TLS 1.2 in the protocol range.
* Document sample mod_nss use cases, including FIPS. | Rob Crittenden | 2014-02-21 | 1 | -2/+297
|   Matthew Harmsen <mharmsen@redhat.com>
|
|   Resolves #1036940
* Documentation formatting fixes | Tomas Hoger | 2014-02-21 | 1 | -104/+100
|   - correct few cases of <code> used on text that should use normal font
|   - strip some redundant html tags
|   - use <pre> for larger command output blocks
|   - correct few typos
* Add support for TLS v1.1, protocol ranges. | Rob Crittenden | 2014-02-21 | 1 | -47/+66
|   Set protocol version ranges:
|
|   (1) Set the minimum protocol accepted
|   (2) Set the maximum protocol accepted
|   (3) Protocol ranges extend from maximum down to minimum protocol
|   (4) All protocol ranges are completely inclusive; no protocol in
|       the middle of a range may be excluded
|   (5) NSS automatically negotiates the use of the strongest protocol
|       for a connection starting with the maximum specified protocol
|       and downgrading as necessary to the minimum specified protocol
|
|   For example, if SSL 3.0 is chosen as the minimum protocol, and
|   TLS 1.1 is chosen as the maximum protocol, SSL 3.0, TLS 1.0, and
|   TLS 1.1 will all be accepted as protocols, as TLS 1.0 will not and
|   cannot be excluded from this range. NSS will automatically
|   negotiate to utilize the strongest acceptable protocol for a
|   connection starting with the maximum specified protocol and
|   downgrading as necessary to the minimum specified protocol
|   (TLS 1.1 -> TLS 1.0 -> SSL 3.0).
|
|   BZ 816394
* Compare CN value of remote host with requested host in reverse proxy. | rcritten | 2010-05-13 | 1 | -38/+19
|   Add configuration option to disable this, defaulting to on.
|
|   591224
* Add information about ECC including required versions of NSPR and NSS | rcritten | 2006-09-05 | 1 | -6/+222
|   and the available ciphers.
|   Clarify starting up Apache without requiring user intervention.
|   Fix a few bad links to NSPR.
* Add support for seeding the NSS Random Number Generator. This adds | rcritten | 2005-10-03 | 1 | -1/+29
|   a new directive, NSSRandomSeed based on the mod_ssl SSLRandomSeed
|   directive.
* Add proxy support to mod_nss. Most of the changes are related to | rcritten | 2005-09-29 | 1 | -36/+138
|   adding new configuration directives. For the others we need to
|   initialize an NSS socket differently whether we will be acting as
|   a client or a server.
* Add missing copyright block | rcritten | 2005-09-16 | 1 | -0/+14
|
* Make SSL2 an optional protocol, disabled by default. | rcritten | 2005-09-13 | 1 | -20/+25
|
* Update to reflect changes to the NSSFIPS directive | rcritten | 2005-09-08 | 1 | -2/+13
|
* Add OCSP support | rcritten | 2005-09-06 | 1 | -1/+17
|
* Add a FIPS configuration option. This enables the FIPS internal | rcritten | 2005-08-19 | 1 | -0/+11
|   database module, configures for SSLv3 and TLSv1 and enables the
|   2 FIPS ciphers (and disables all the others).
* Added Database Management section. | rcritten | 2005-08-03 | 1 | -9/+150
|   Added links to NSS and NSPR
* Reflect new Directive naming convention | rcritten | 2005-06-07 | 1 | -45/+69
|
* Basic documentation on the mod_nss module. | rcritten | 2005-06-03 | 1 | -0/+908