equal
deleted
inserted
replaced
11 #SIZELIMIT 12 |
11 #SIZELIMIT 12 |
12 #TIMELIMIT 15 |
12 #TIMELIMIT 15 |
13 #DEREF never |
13 #DEREF never |
14 + |
14 + |
15 +TLS_PROTOCOL_MIN 3.2 |
15 +TLS_PROTOCOL_MIN 3.2 |
16 +TLS_CIPHER_SUITE -ALL:+TLSv1.2:+TLSv1.1 |
16 +TLS_CIPHER_SUITE TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA |
17 --- openldap-2.4.30/servers/slapd/slapd.conf.old Mon Jun 1 16:47:47 2015 |
17 --- openldap-2.4.30/servers/slapd/slapd.conf.old Mon Jun 1 16:47:47 2015 |
18 +++ openldap-2.4.30/servers/slapd/slapd.conf Mon Jun 1 16:47:59 2015 |
18 +++ openldap-2.4.30/servers/slapd/slapd.conf Mon Jun 1 16:47:59 2015 |
19 @@ -22,10 +22,12 @@ |
19 @@ -22,10 +22,12 @@ |
20 # Sample security restrictions |
20 # Sample security restrictions |
21 # Require integrity protection (prevent hijacking) |
21 # Require integrity protection (prevent hijacking) |
22 # Require 112-bit (3DES or better) encryption for updates |
22 # Require 112-bit (3DES or better) encryption for updates |
23 # Require 63-bit encryption for simple bind |
23 # Require 63-bit encryption for simple bind |
24 # security ssf=1 update_ssf=112 simple_bind=64 |
24 # security ssf=1 update_ssf=112 simple_bind=64 |
25 +TLSProtocolMin 3.2 |
25 +TLSProtocolMin 770 |
26 +TLSCipherSuite -ALL:+TLSv1.2:+TLSv1.1 |
26 +TLSCipherSuite TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA |
27 |
27 |
28 # Sample access control policy: |
28 # Sample access control policy: |
29 # Root DSE: allow anyone to read it |
29 # Root DSE: allow anyone to read it |
30 # Subschema (sub)entry DSE: allow anyone to read it |
30 # Subschema (sub)entry DSE: allow anyone to read it |
31 # Other DSEs: |
31 # Other DSEs: |