components/openldap/patches/01-no-ssl3.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Thu, 26 Jan 2017 16:44:14 -0800
changeset 7617 14b1a4293086
parent 5911 a8d897c4c442
permissions -rw-r--r--
Close of build 117.
4654
94e90d50dc0e 20220521 OpenLDAP TLS Protocol/Ciphersuite selection for nsswitch-ldap
zihao.zhu@oracle.com <zihao.zhu@oracle.com>
parents:
diff changeset
Fixes problem with setting the TLS client protocol version and ciphersuite
in the NSSWITCH LDAP library in Solaris.
Patch was developed in-house; it is Solaris specific and
will not be contributed upstream.
5911
a8d897c4c442 PSARC/2016/225 OpenLDAP Update to 2.4.44
zihao.zhu@oracle.com <zihao.zhu@oracle.com>
parents: 4748
diff changeset
--- openldap-2.4.44/libraries/libldap/ldap.conf.old     Thu Nov  5 10:11:14 2015
+++ openldap-2.4.44/libraries/libldap/ldap.conf Thu Nov  5 10:16:44 2015
@@ -9,5 +9,8 @@
 #URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
 
 #SIZELIMIT	12
 #TIMELIMIT	15
 #DEREF		never
+
+TLS_PROTOCOL_MIN	3.2
4748
976281af43d9 21577683 Incorrect TLS_CIPHER_SUITE string value in ldap.conf and slapd.conf
zihao.zhu@oracle.com <zihao.zhu@oracle.com>
parents: 4654
diff changeset
+TLS_CIPHER_SUITE	TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
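
Review bot: `TLS_PROTOCOL_MIN	3.2` and the `TLS_CIPHER_SUITE` line are added uncommented below the commented-out `#DEREF		never` sample, so they become active defaults for every client that reads this ldap.conf, and nothing in the file says what 3.2 means. In OpenLDAP's numbering 3.2 is TLS 1.1 (3.1 is TLS 1.0, 3.3 is TLS 1.2), which matches the no-ssl3 patch name, but the `TLSv1.2` keyword at the head of the cipher string is OpenSSL cipher-list syntax that selects TLS 1.2 suites and does not raise the protocol floor; add a comment above the two lines stating the intended minimum version. The list also keeps 3DES suites (the `DES-CBC3-SHA` variants) and static-RSA suites (`AES128-SHA`, `AES256-SHA`, `DES-CBC3-SHA`); consider dropping them or documenting why they are retained.
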
--- openldap-2.4.44/servers/slapd/slapd.conf.old        Thu Nov  5 10:11:25 2015
+++ openldap-2.4.44/servers/slapd/slapd.conf    Thu Nov  5 10:16:24 2015
@@ -23,6 +23,8 @@
 #	Require 112-bit (3DES or better) encryption for updates
 #	Require 63-bit encryption for simple bind
 # security ssf=1 update_ssf=112 simple_bind=64
+TLSProtocolMin	3.2
+TLSCipherSuite	TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
 
 # Sample access control policy:
 #	Root DSE: allow anyone to read it
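
Review bot: `TLSProtocolMin` and `TLSCipherSuite` are inserted immediately after `# security ssf=1 update_ssf=112 simple_bind=64` with no blank line or comment, so two live directives sit at the tail of a commented-out sample block where they are easy to overlook or to comment out along with it. Separate them with a blank line and a one-line comment saying they are active and what protocol floor 3.2 stands for. The cipher string is an exact copy of the one added to ldap.conf in the previous hunk; note that in the comment so the client and server lists are changed together.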