Open 389-ds-bot opened 4 years ago
Comment from firstyear (@Firstyear) at 2017-02-11 23:09:19
Metadata Update from @Firstyear:
Comment from firstyear (@Firstyear) at 2017-04-05 06:13:42
Metadata Update from @Firstyear:
Comment from firstyear (@Firstyear) at 2017-11-27 09:11:39
Metadata Update from @Firstyear:
Comment from mhonek (@kenoh) at 2019-03-06 16:27:59
Metadata Update from @kenoh:
Comment from mhonek (@kenoh) at 2020-04-29 16:09:35
Suggestions for how to achieve this:
`SSL_VersionRangeGet{Default,Supported}`, do not force, warn if out of default, and err if out of supported.
Outbound connections should be fine since it seems we don't set ciphers at all for them (so defaults according to policy apply), and the TLS version min. is inherited from our cn=config sslVersionMin.
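The check suggested in the comment above (leave the configured value alone, warn when it falls outside the default range, error when it falls outside the supported range), as an added C example that is not 389-ds or NSS code. It assumes the two ranges were already obtained from NSS's `SSL_VersionRangeGetDefault` and `SSL_VersionRangeGetSupported`; the struct, the function names, the "TLS1.x" string format and the sample ranges are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the min/max pair of NSS's SSLVersionRange. In a real server the
 * default and supported ranges come from SSL_VersionRangeGetDefault() and
 * SSL_VersionRangeGetSupported(); here they are passed in (assumption). */
typedef struct { uint16_t min, max; } version_range;
typedef enum { RANGE_OK, RANGE_WARN, RANGE_ERROR } range_verdict;

/* Constructed sample ranges, not taken from any real crypto policy. */
static const version_range SAMPLE_DEFAULT   = { 0x0303, 0x0304 }; /* TLS1.2-1.3 */
static const version_range SAMPLE_SUPPORTED = { 0x0301, 0x0304 }; /* TLS1.0-1.3 */

/* Parse "TLS1.0".."TLS1.3" into the TLS wire version; 0 means unparsable. */
static uint16_t parse_tls_version(const char *s)
{
    if (s == NULL || strlen(s) != 6 || strncmp(s, "TLS1.", 5) != 0 ||
        s[5] < '0' || s[5] > '3')
        return 0;
    return (uint16_t)(0x0301 + (s[5] - '0'));
}

/* Classify a configured min/max pair without changing it ("do not force"). */
static range_verdict check_config(const char *min_s, const char *max_s,
                                  version_range def, version_range sup)
{
    version_range cfg = { parse_tls_version(min_s), parse_tls_version(max_s) };

    if (cfg.min == 0 || cfg.max == 0 || cfg.min > cfg.max)
        return RANGE_ERROR;   /* unparsable or inverted range */
    if (cfg.min < sup.min || cfg.max > sup.max)
        return RANGE_ERROR;   /* the library cannot honour this setting */
    if (cfg.min < def.min || cfg.max > def.max)
        return RANGE_WARN;    /* usable, but outside the policy default */
    return RANGE_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "warning", "error" };
    const char *mins[] = { "TLS1.2", "TLS1.0", "SSL3" };

    for (size_t i = 0; i < sizeof(mins) / sizeof(mins[0]); i++)
        printf("min=%s max=TLS1.3 -> %s\n", mins[i],
               names[check_config(mins[i], "TLS1.3",
                                  SAMPLE_DEFAULT, SAMPLE_SUPPORTED)]);
    return 0;
}
```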
Comment from mreynolds (@mreynolds389) at 2020-04-29 16:27:05
Metadata Update from @mreynolds389:
Comment from mreynolds (@mreynolds389) at 2020-04-29 16:30:32
Metadata Update from @mreynolds389:
@mreynolds389 should not be only be done in 2.0
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/48785
https://fedoraproject.org/wiki/Changes/CryptoPolicy
We should be able to support the system-wide crypto policy in DS. This should be able to apply to the listening TLS sockets, and for the available routines to outbound connections.