[Freeipa-devel] [PATCH] 356 update dogtag configuration to work with NSS CVE-2009-3555 fixes

Rob Crittenden rcritten at redhat.com
Wed Jan 27 22:01:40 UTC 2010


John Dennis wrote:
> On 01/27/2010 03:35 PM, Rob Crittenden wrote:
>> NSS is going to disallow all SSL renegotiation by default. Because of
>> this we need to always use the agent port of the dogtag server which
>> always requires SSL client authentication. The end user port will prompt
>> for a certificate if required but will attempt to re-do the handshake to
>> make this happen which will fail with newer versions of NSS.
>>
>> This fixed version of NSS is currently in Fedora updates-testing but
>> this patch should work with either release.
> 
> ACK
> 

pushed to master



