[Freeipa-devel] [PATCH] 1111 Use NSS protocol range setter
Martin Kosek
mkosek at redhat.com
Tue Nov 25 11:47:40 UTC 2014
On 11/25/2014 09:35 AM, Jan Cholasta wrote:
> Dne 24.11.2014 v 15:59 Rob Crittenden napsal(a):
...
>>> 2) Configure mod_nss to also support TLS 1.2. It should be done on both
>>> server install and upgrade. This requires a new version of mod_nss.
>>
>> mod_nss 1.0.10 in F-21 and rawhide should both support TLS 1.2 today.
>>
>> mod_nss is also very tolerant of bad/unknown protocols. It won't blow up
>> on unknown protocols.
>>
>> So if the given mod_nss doesn't support TLSv1.2 it will simply report an
>> error about an unknown protocol and configure the server for 1.0/1.1 if
>> configured as:
>>
>> NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
>
> The attached patch 379 fixes this.
Works for me, ACK!
Pushed to:
master: bef1d18878118aea379659bb10d78c1e955b0b63
ipa-4-1: dc443cc4503822cb35c3693e5e525425573140f2
Martin
More information about the Freeipa-devel
mailing list