components/openldap/patches/01-no-ssl3.patch
changeset 5911 a8d897c4c442
parent 4748 976281af43d9
5910:93ac80235738 5911:a8d897c4c442
     1 Fixes problem with setting the TLS client protocol version and ciphersuite
     1 Fixes problem with setting the TLS client protocol version and ciphersuite
     2 in the NSSWITCH LDAP library in Solaris.
     2 in the NSSWITCH LDAP library in Solaris.
     3 Patch was developed in-house; it is Solaris specific and
     3 Patch was developed in-house; it is Solaris specific and
     4 will not be contributed upstream.
     4 will not be contributed upstream.
     5 
     5 
     6 --- openldap-2.4.30/libraries/libldap/ldap.conf.old	Mon Jun  1 16:46:56 2015
     6 --- openldap-2.4.44/libraries/libldap/ldap.conf.old     Thu Nov  5 10:11:14 2015
     7 +++ openldap-2.4.30/libraries/libldap/ldap.conf	Mon Jun  1 16:47:08 2015
     7 +++ openldap-2.4.44/libraries/libldap/ldap.conf Thu Nov  5 10:16:44 2015
     8 @@ -9,5 +9,8 @@
     8 @@ -9,5 +9,8 @@
     9  #URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
     9  #URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
    10  
    10  
    11  #SIZELIMIT	12
    11  #SIZELIMIT	12
    12  #TIMELIMIT	15
    12  #TIMELIMIT	15
    13  #DEREF		never
    13  #DEREF		never
    14 +
    14 +
    15 +TLS_PROTOCOL_MIN	3.2
    15 +TLS_PROTOCOL_MIN	3.2
    16 +TLS_CIPHER_SUITE	TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    16 +TLS_CIPHER_SUITE	TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    17 --- openldap-2.4.30/servers/slapd/slapd.conf.old	Mon Jun  1 16:47:47 2015
    17 --- openldap-2.4.44/servers/slapd/slapd.conf.old        Thu Nov  5 10:11:25 2015
    18 +++ openldap-2.4.30/servers/slapd/slapd.conf	Mon Jun  1 16:47:59 2015
    18 +++ openldap-2.4.44/servers/slapd/slapd.conf    Thu Nov  5 10:16:24 2015
    19 @@ -22,10 +22,12 @@
    19 @@ -23,6 +23,8 @@
    20  # Sample security restrictions
       
    21  #	Require integrity protection (prevent hijacking)
       
    22  #	Require 112-bit (3DES or better) encryption for updates
    20  #	Require 112-bit (3DES or better) encryption for updates
    23  #	Require 63-bit encryption for simple bind
    21  #	Require 63-bit encryption for simple bind
    24  # security ssf=1 update_ssf=112 simple_bind=64
    22  # security ssf=1 update_ssf=112 simple_bind=64
    25 +TLSProtocolMin	770
    23 +TLSProtocolMin	3.2
    26 +TLSCipherSuite	TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    24 +TLSCipherSuite	TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    27  
    25  
    28  # Sample access control policy:
    26  # Sample access control policy:
    29  #	Root DSE: allow anyone to read it
    27  #	Root DSE: allow anyone to read it
    30  #	Subschema (sub)entry DSE: allow anyone to read it
       
    31  #	Other DSEs:
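Review bot: The cipher list on the added `TLS_CIPHER_SUITE` and `TLSCipherSuite` lines (new patch lines 16 and 24) still enables the three `DES-CBC3-SHA` 3DES suites and the static-RSA `AES128-SHA`/`AES256-SHA` suites, and `3.2` sets the floor at TLS 1.1 rather than TLS 1.2, so the shipped defaults are weaker than the leading `TLSv1.2` keyword suggests. If no supported Solaris client or server still depends on those fallbacks, consider `TLS_PROTOCOL_MIN 3.3` / `TLSProtocolMin 3.3` and dropping the 3DES entries; if they are kept for compatibility, the patch header should say so. Both sample files also gain these as active, uncommented settings with no explanation of the version encoding. A comment above each, such as `# 3.2 = TLS 1.1 (3.1 = TLS 1.0, 3.3 = TLS 1.2)`, would make the policy reviewable and help keep a raw value like `770` from being reintroduced.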