components/openldap/patches/01-no-ssl3.patch
author zihao.zhu@oracle.com <zihao.zhu@oracle.com>
Tue, 28 Jul 2015 10:55:35 -0400
branch s11u2-sru
changeset 4705 19671f39ce55
child 4748 976281af43d9
permissions -rw-r--r--
20220521 OpenLDAP TLS Protocol/Ciphersuite selection for nsswitch-ldap 20604417 problem in SERVICE/OPENLDAP
Fixes problem with setting the TLS client protocol version and ciphersuite
in the NSSWITCH LDAP library in Solaris.
Patch was developed in-house; it is Solaris specific and
will not be contributed upstream.
--- openldap-2.4.30/libraries/libldap/ldap.conf.old	Mon Jun  1 16:46:56 2015
+++ openldap-2.4.30/libraries/libldap/ldap.conf	Mon Jun  1 16:47:08 2015
@@ -9,5 +9,8 @@
 #URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
 
 #SIZELIMIT	12
 #TIMELIMIT	15
 #DEREF		never
+
+TLS_PROTOCOL_MIN	3.2
+TLS_CIPHER_SUITE	-ALL:+TLSv1.2:+TLSv1.1
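Review bot: the two lines added at the end of ldap.conf are active settings with no comment, in a file whose visible context is entirely commented-out samples, so they become the default for every libldap client on the system and not only the nsswitch LDAP library named in the description. `TLS_PROTOCOL_MIN 3.2` is OpenLDAP's major.minor notation for TLS 1.1 (3.0 is SSL 3.0, 3.1 is TLS 1.0), so it drops TLS 1.0 as well as SSL 3.0, which is more than the file name 01-no-ssl3.patch suggests. Suggest a comment line above the two settings that states the resulting minimum protocol in plain terms, and that names the TLS library this `TLS_CIPHER_SUITE` string is written for, since the cipher-suite syntax is interpreted by whichever library libldap is built against.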
--- openldap-2.4.30/servers/slapd/slapd.conf.old	Mon Jun  1 16:47:47 2015
+++ openldap-2.4.30/servers/slapd/slapd.conf	Mon Jun  1 16:47:59 2015
@@ -22,10 +22,12 @@
 # Sample security restrictions
 #	Require integrity protection (prevent hijacking)
 #	Require 112-bit (3DES or better) encryption for updates
 #	Require 63-bit encryption for simple bind
 # security ssf=1 update_ssf=112 simple_bind=64
+TLSProtocolMin	3.2
+TLSCipherSuite	-ALL:+TLSv1.2:+TLSv1.1
 
 # Sample access control policy:
 #	Root DSE: allow anyone to read it
 #	Subschema (sub)entry DSE: allow anyone to read it
 #	Other DSEs:
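Review bot: the patch description covers only the TLS client protocol version and ciphersuite, but `TLSProtocolMin 3.2` and `TLSCipherSuite -ALL:+TLSv1.2:+TLSv1.1` here change the slapd server configuration, so the description should mention the server-side change as well. The two directives are also placed directly under the commented `# security ssf=1 update_ssf=112 simple_bind=64` sample with no blank line or comment of their own, so they read as part of the "Sample security restrictions" block even though they are live settings. Suggest separating them with a blank line and a short comment giving the resulting minimum protocol (TLS 1.1) and a pointer to the matching values in ldap.conf, so the two files are kept in step when either is changed.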