|
1 Fixes problem with setting the TLS client protocol version and ciphersuite |
|
2 in the NSSWITCH LDAP library in Solaris. |
|
3 Patch was developed in-house; it is Solaris specific and |
|
4 will not be contributed upstream. |
|
5 |
|
6 --- openldap-2.4.30/libraries/libldap/ldap.conf.old Mon Jun 1 16:46:56 2015 |
|
7 +++ openldap-2.4.30/libraries/libldap/ldap.conf Mon Jun 1 16:47:08 2015 |
|
8 @@ -9,5 +9,8 @@ |
|
9 #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 |
|
10 |
|
11 #SIZELIMIT 12 |
|
12 #TIMELIMIT 15 |
|
13 #DEREF never |
|
14 + |
|
15 +TLS_PROTOCOL_MIN 3.2 |
|
16 +TLS_CIPHER_SUITE -ALL:+TLSv1.2:+TLSv1.1 |
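Review bot: On the added TLS_CIPHER_SUITE line, the meaning of `-ALL:+TLSv1.2:+TLSv1.1` depends on which TLS library libldap is built against, and the patch does not say which that is. In OpenSSL cipher-list syntax a `+` prefix only moves ciphers already in the list to the end, so after `-ALL` the string would select nothing; please confirm the string against the library actually used on Solaris and check that a handshake still negotiates a suite. Also add a comment above `TLS_PROTOCOL_MIN 3.2` noting that 3.2 is OpenLDAP's encoding for TLS 1.1 (3.3 is TLS 1.2), since these are the only uncommented settings in the visible part of the file and the floor they set is not obvious from the number.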
|
17 --- openldap-2.4.30/servers/slapd/slapd.conf.old Mon Jun 1 16:47:47 2015 |
|
18 +++ openldap-2.4.30/servers/slapd/slapd.conf Mon Jun 1 16:47:59 2015 |
|
19 @@ -22,10 +22,12 @@ |
|
20 # Sample security restrictions |
|
21 # Require integrity protection (prevent hijacking) |
|
22 # Require 112-bit (3DES or better) encryption for updates |
|
23 # Require 63-bit encryption for simple bind |
|
24 # security ssf=1 update_ssf=112 simple_bind=64 |
|
25 +TLSProtocolMin 3.2 |
|
26 +TLSCipherSuite -ALL:+TLSv1.2:+TLSv1.1 |
|
27 |
|
28 # Sample access control policy: |
|
29 # Root DSE: allow anyone to read it |
|
30 # Subschema (sub)entry DSE: allow anyone to read it |
|
31 # Other DSEs: |
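Review bot: The added TLSProtocolMin and TLSCipherSuite lines sit directly under the commented `# security ssf=1 update_ssf=112 simple_bind=64` sample with no blank line or comment of their own, so they read as part of the "Sample security restrictions" block while actually being live server settings. Separate them with a blank line and a short comment stating that they set the minimum protocol to TLS 1.1 and restrict the cipher suites, and note there that the values mirror the ones added to ldap.conf so the client and server settings are changed together.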