<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 08/19/15 13:46, Christina Fu wrote:<br>
    </div>
    <blockquote cite="mid:55D4DD0B.8020609@redhat.com" type="cite">this
      patch is to address:
      <br>
      <a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/1566">https://fedorahosted.org/pki/ticket/1566</a> non-CA subystem
      installations failing while trying to join security domain
      <br>
      <br>
      Please note that the two TLS_RSA ciphers have been left under ecc
      for installation in place of the TLS_ECDHE_RSA ones.
      <br>
      <br>
      thanks,
      <br>
      Christina
      <br>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
    </blockquote>
    (1) in pkiparser.py for ECC, +TLS_RSA_WITH_AES_256_CBC_SHA256 and
    +TLS_RSA_WITH_AES_128_GCM_SHA256 are turned on (this is for
    installation)<br>
    (2) in ciphers.info, for ECC, you have
    -TLS_RSA_WITH_AES_256_CBC_SHA256 and
    -TLS_RSA_WITH_AES_128_GCM_SHA256 are turned off for
    sslRangeCiphers=...<br>
    <br>
    After conversation, it is understood that the signs should be
    flipped in ciphers.info to match these changes in pkiparser.py.<br>
    <br>
    Conditional ACK based upon correcting ciphers.info.<br>
  </body>
</html>