Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/constants.py | 4 | ||||
-rw-r--r-- | ipalib/rpc.py | 5 |
2 files changed, 8 insertions, 1 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py index 325414b64..df31a2088 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -122,6 +122,10 @@ DEFAULT_CONFIG = ( ('rpc_protocol', 'jsonrpc'), + # Define an inclusive range of SSL/TLS version support + ('tls_version_min', 'tls1.0'), + ('tls_version_max', 'tls1.2'), + # Time to wait for a service to start, in seconds ('startup_timeout', 300), diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 001b7f1ca..ab5b2f630 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -69,6 +69,7 @@ from ipalib.krb_utils import KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, KRB5KRB_AP_ERR_TKT KRB5_FCC_PERM, KRB5_FCC_NOFILE, KRB5_CC_FORMAT, KRB5_REALM_CANT_RESOLVE from ipapython.dn import DN from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES +from ipalib import api COOKIE_NAME = 'ipa_session' KEYRING_COOKIE_NAME = '%s_cookie:%%s' % COOKIE_NAME @@ -492,7 +493,9 @@ class SSLTransport(LanguageAwareTransport): if sys.version_info < (2, 7): conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init) else: - conn = NSSConnection(host, 443, dbdir=dbdir, no_init=no_init) + conn = NSSConnection(host, 443, dbdir=dbdir, no_init=no_init, + tls_version_min=api.env.tls_version_min, + tls_version_max=api.env.tls_version_max) self.dbdir=dbdir conn.connect() |
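Review bot: The default floor `('tls_version_min', 'tls1.0')` added to DEFAULT_CONFIG leaves TLS 1.0 and 1.1 negotiable on every client that does not override it, and both versions are formally deprecated (RFC 8996). If all supported peers can speak TLS 1.2, I would ship `('tls_version_min', 'tls1.2'),` and let deployments that need legacy compatibility lower it explicitly. Nothing in this hunk validates the strings, so the comment should also say where the accepted version names are defined, for example `# Inclusive range of TLS versions; accepted names are defined by the connection class`. DEFAULT_CONFIG starts and ends outside the hunk.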
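Review bot: Only the `NSSConnection` branch in SSLTransport receives the configured range. The `sys.version_info < (2, 7)` branch still calls `NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)`, so on those interpreters `api.env.tls_version_min` and `api.env.tls_version_max` appear to be silently ignored and the connection uses whatever NSSHTTPS defaults to. If NSSHTTPS accepts the same keywords, pass them there too: `conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init, tls_version_min=api.env.tls_version_min, tls_version_max=api.env.tls_version_max)`; otherwise add a comment stating the limitation. The enclosing method starts and ends outside the hunk, and the NSSHTTPS signature is not visible here.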