389ds / 389-ds-base

The enterprise-class Open Source LDAP server for Linux
https://www.port389.org/

System wide crypto policy #1845

Open 389-ds-bot opened 4 years ago

389-ds-bot commented 4 years ago

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/48785


https://fedoraproject.org/wiki/Changes/CryptoPolicy

We should be able to support the system wide crypto policy in DS. This should be able to apply to the listening TLS sockets, and for the available routines to outbound connections.

389-ds-bot commented 4 years ago

Comment from firstyear (@Firstyear) at 2017-02-11 23:09:19

Metadata Update from @Firstyear:

389-ds-bot commented 4 years ago

Comment from firstyear (@Firstyear) at 2017-04-05 06:13:42

Metadata Update from @Firstyear:

389-ds-bot commented 4 years ago

Comment from firstyear (@Firstyear) at 2017-11-27 09:11:39

Metadata Update from @Firstyear:

389-ds-bot commented 4 years ago

Comment from mhonek (@kenoh) at 2019-03-06 16:27:59

Metadata Update from @kenoh:

389-ds-bot commented 4 years ago

Comment from mhonek (@kenoh) at 2020-04-29 16:09:35

Suggestions for how to achieve this:

Outbound connections should be fine since it seems we don't set ciphers at all for them (so defaults according to policy apply), and the TLS version min. is inherited from our cn=config sslVersionMin.

389-ds-bot commented 4 years ago

Comment from mreynolds (@mreynolds389) at 2020-04-29 16:27:05

Metadata Update from @mreynolds389:

389-ds-bot commented 4 years ago

Comment from mreynolds (@mreynolds389) at 2020-04-29 16:30:32

Metadata Update from @mreynolds389:

tbordaz commented 3 years ago

@mreynolds389 should not be only done in 2.0