freeipa.git - FreeIPA patches

diff options

author	Stanislav Laznicka <slaznick@redhat.com>	2017-01-13 12:31:29 +0100
committer	Martin Basti <mbasti@redhat.com>	2017-02-17 10:04:00 +0100
commit	ac6f573a3014aa09811ca1559d470afe75eadbec (patch)
tree	101a27db733d3df671a6b6ae7db9de658f7ea3f0 /ipapython/certdb.py
parent	d0642bfa55e9c24429675f623bc0e35824bc9fb0 (diff)
download	freeipa-ac6f573a3014aa09811ca1559d470afe75eadbec.tar.gz freeipa-ac6f573a3014aa09811ca1559d470afe75eadbec.tar.xz freeipa-ac6f573a3014aa09811ca1559d470afe75eadbec.zip

Explicitly remove support of SSLv2/3

It was possible to set tls_version_min/max to 'ssl2' or 'ssl3', even though newer versions of NSS will fail to set this as a valid TLS version. This patch explicitly checks for deprecated TLS versions prior to creating a TLS connection. Also, we don't allow tls_version_min/max to be set to a random string anymore. https://fedorahosted.org/freeipa/ticket/6607 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>

Diffstat (limited to 'ipapython/certdb.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: