Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/constants.py4
-rw-r--r--ipalib/rpc.py5
2 files changed, 8 insertions, 1 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 325414b64..df31a2088 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -122,6 +122,10 @@ DEFAULT_CONFIG = (
('rpc_protocol', 'jsonrpc'),
+ # Define an inclusive range of SSL/TLS version support
+ ('tls_version_min', 'tls1.0'),
+ ('tls_version_max', 'tls1.2'),
+
# Time to wait for a service to start, in seconds
('startup_timeout', 300),
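Review bot: The new default floor `('tls_version_min', 'tls1.0')` lets the RPC client negotiate the oldest TLS version unless an administrator overrides it, and the added comment does not say which strings are accepted or why that floor was chosen. If the low floor is there for compatibility with older peers, say so in the comment, for example `# Inclusive range of TLS versions to negotiate; the floor is kept low for older peers, raise tls_version_min where every peer supports a newer version`. It would also help to list the accepted value strings next to the two entries, so a typo in a configuration override is easy to spot. DEFAULT_CONFIG starts and ends outside this hunk.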
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 001b7f1ca..ab5b2f630 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -69,6 +69,7 @@ from ipalib.krb_utils import KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, KRB5KRB_AP_ERR_TKT
KRB5_FCC_PERM, KRB5_FCC_NOFILE, KRB5_CC_FORMAT, KRB5_REALM_CANT_RESOLVE
from ipapython.dn import DN
from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES
+from ipalib import api
COOKIE_NAME = 'ipa_session'
KEYRING_COOKIE_NAME = '%s_cookie:%%s' % COOKIE_NAME
@@ -492,7 +493,9 @@ class SSLTransport(LanguageAwareTransport):
if sys.version_info < (2, 7):
conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)
else:
- conn = NSSConnection(host, 443, dbdir=dbdir, no_init=no_init)
+ conn = NSSConnection(host, 443, dbdir=dbdir, no_init=no_init,
+ tls_version_min=api.env.tls_version_min,
+ tls_version_max=api.env.tls_version_max)
self.dbdir=dbdir
conn.connect()
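Review bot: Only the `NSSConnection(...)` branch receives `tls_version_min`/`tls_version_max`; the `sys.version_info < (2, 7)` branch still builds `NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)` without them. On that path the configured range is therefore silently ignored, and the connection uses whatever versions NSSHTTPS enables by default. If NSSHTTPS accepts the same keywords (not visible here), pass them there too; otherwise add a comment on that branch stating that the range is not enforced. The values are also read from the module-level `api.env` and forwarded unchecked, so it is worth confirming that NSSConnection rejects an unknown version string rather than falling back to a wider range. The enclosing method starts and continues outside this hunk.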