[Pki-devel] [PATCH] Ticket 1566 on HSM, non-CA subystem installations failing, while trying to join security domain
Matthew Harmsen
mharmsen at redhat.com
Wed Aug 19 22:02:00 UTC 2015
On 08/19/15 13:46, Christina Fu wrote:
> this patch is to address:
> https://fedorahosted.org/pki/ticket/1566 non-CA subystem installations
> failing while trying to join security domain
>
> Please note that the two TLS_RSA ciphers have been left under ecc for
> installation in place of the TLS_ECDHE_RSA ones.
>
> thanks,
> Christina
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
(1) in pkiparser.py for ECC, +TLS_RSA_WITH_AES_256_CBC_SHA256 and
+TLS_RSA_WITH_AES_128_GCM_SHA256 are turned on (this is for installation)
(2) in ciphers.info, for ECC, you have -TLS_RSA_WITH_AES_256_CBC_SHA256
and -TLS_RSA_WITH_AES_128_GCM_SHA256 are turned off for sslRangeCiphers=...
After conversation, it is understood that the signs should be flipped in
ciphers.info to match these changes in pkiparser.py.
Conditional ACK based upon correcting ciphers.info.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150819/007452d0/attachment.htm>
More information about the Pki-devel
mailing list