Commit 506961b7 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#6790

parent 2dd6aaed
...@@ -35,7 +35,8 @@ OpenLDAP 2.4.24 Engineering ...@@ -35,7 +35,8 @@ OpenLDAP 2.4.24 Engineering
Fixed libldap leak when chasing referrals (ITS#6744) Fixed libldap leak when chasing referrals (ITS#6744)
Fixed libldap url parsing with NULL host (ITS#6653) Fixed libldap url parsing with NULL host (ITS#6653)
Fixed libldap ldap_open_internal_connection (ITS#6788) Fixed libldap ldap_open_internal_connection (ITS#6788)
Fixed libldap sync checking for BER errors (ITS#6738) Fixed libldap sync checking for BER errors (ITS#6738)
Fixed libldap MozNSS default cipher suites (ITS#6790)
Fixed liblutil getpass prompts (ITS#6702) Fixed liblutil getpass prompts (ITS#6702)
Fixed ldapsearch segfault with deref (ITS#6638) Fixed ldapsearch segfault with deref (ITS#6638)
Fixed ldapsearch multiple controls parsing (ITS#6651) Fixed ldapsearch multiple controls parsing (ITS#6651)
......
...@@ -210,7 +210,7 @@ static cipher_properties ciphers_def[] = { ...@@ -210,7 +210,7 @@ static cipher_properties ciphers_def[] = {
/* SSL3 ciphers */ /* SSL3 ciphers */
{"RC4-MD5", SSL_RSA_WITH_RC4_128_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED}, {"RC4-MD5", SSL_RSA_WITH_RC4_128_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
{"RC4-SHA", SSL_RSA_WITH_RC4_128_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1, SSL3, 128, 128, SSL_MEDIUM, SSL_NOT_ALLOWED}, {"RC4-SHA", SSL_RSA_WITH_RC4_128_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA1, SSL3, 128, 128, SSL_MEDIUM, SSL_ALLOWED},
{"DES-CBC3-SHA", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSL3, 168, 168, SSL_HIGH, SSL_ALLOWED}, {"DES-CBC3-SHA", SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSL3, 168, 168, SSL_HIGH, SSL_ALLOWED},
{"DES-CBC-SHA", SSL_RSA_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSL3, 56, 56, SSL_LOW, SSL_ALLOWED}, {"DES-CBC-SHA", SSL_RSA_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSL3, 56, 56, SSL_LOW, SSL_ALLOWED},
{"EXP-RC4-MD5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 40, 128, SSL_EXPORT40, SSL_ALLOWED}, {"EXP-RC4-MD5", SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5, SSL3, 40, 128, SSL_EXPORT40, SSL_ALLOWED},
...@@ -221,8 +221,8 @@ static cipher_properties ciphers_def[] = { ...@@ -221,8 +221,8 @@ static cipher_properties ciphers_def[] = {
/* TLSv1 ciphers */ /* TLSv1 ciphers */
{"EXP1024-DES-CBC-SHA", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED}, {"EXP1024-DES-CBC-SHA", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
{"EXP1024-RC4-SHA", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED}, {"EXP1024-RC4-SHA", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA, TLS1, 56, 56, SSL_EXPORT56, SSL_ALLOWED},
{"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 128, 128, SSL_HIGH, SSL_NOT_ALLOWED}, {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 128, 128, SSL_HIGH, SSL_ALLOWED},
{"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 256, 256, SSL_HIGH, SSL_NOT_ALLOWED}, {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA, TLS1, 256, 256, SSL_HIGH, SSL_ALLOWED},
}; };
#define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties)) #define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties))
...@@ -2004,7 +2004,12 @@ tlsm_deferred_ctx_init( void *arg ) ...@@ -2004,7 +2004,12 @@ tlsm_deferred_ctx_init( void *arg )
"TLS: could not set cipher list %s.\n", "TLS: could not set cipher list %s.\n",
lt->lt_ciphersuite, 0, 0 ); lt->lt_ciphersuite, 0, 0 );
return -1; return -1;
} } else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set cipher list DEFAULT.\n",
0, 0, 0 );
return -1;
}
if ( ctx->tc_require_cert ) { if ( ctx->tc_require_cert ) {
request_cert = PR_TRUE; request_cert = PR_TRUE;
......
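Review bot: The new `else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) )` branch in tlsm_deferred_ctx_init appears to run not only when no cipher suite is configured but also when a configured one parsed successfully, because the preceding `if` body is the failure path (it logs "could not set cipher list %s" and returns -1). The `if` condition itself starts above the visible lines, so this is inferred; if it has the shape `lt->lt_ciphersuite && tlsm_parse_ciphers( ... )`, an administrator's restricted list would be followed by a DEFAULT parse, which presumably resets the enabled set and silently widens it. Guarding the fallback explicitly avoids that: `} else if ( !lt->lt_ciphersuite && tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {`. Separately, the ciphers_def entries shown in the two earlier hunks still mark export-grade and 56-bit DES suites (`EXP-RC4-MD5`, `EXP1024-DES-CBC-SHA`, `EXP1024-RC4-SHA`, `DES-CBC-SHA`) as `SSL_ALLOWED`, so it is worth confirming that DEFAULT does not enable them now that it is applied automatically.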