https://fedorahosted.org/389/ticket/605
https://fedorahosted.org/389/attachment/ticket/605/0001-Ticket-605-support-TLS-1.1.patch Description: NSS 3.14 deprecates the current way to configure SSL versions: SSL_OptionSet(pr_sock, SSL_ENABLE_SSL3|SSL_ENABLE_TLS, True|False) Instead, it introduces new range APIs to provide more detailed SSL version control by using SSL_VersionRangeSet(pr_sock, NSSVersions). The NSSVersions has 2 fields "min" and "max", which take the minimum and maximum SSL versions. By default, slapd_ssl_init2 sets the default supported range by NSS, which is min: SSL3 and max: TLS1.2. This patch adds 2 config params sslVersionMin and sslVersionMax to cn=encryption,cn=config to provide the ability to control the values. Both takes: ssl3 or tls1.?. If the range is not supported by the NSS or conflicts with the current params nsSSL3 and nsTLS1, it'd be adjusted. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
