[Fedora-directory-commits] adminserver/admserv/cfgstuff console.conf.in, 1.2, 1.3

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue Dec 18 19:55:25 UTC 2007


Author: rmeggins

Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver/admserv/cfgstuff

Modified Files:
	console.conf.in 
Log Message:
Resolves: bug 426056
Bug Description: Unable to connect to admin express via SSL - firefox cipher issues?
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default.  Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox.  Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled.
I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind.  So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password.
Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no



Index: console.conf.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- console.conf.in	22 Jun 2007 01:34:19 -0000	1.2
+++ console.conf.in	18 Dec 2007 19:55:23 -0000	1.3
@@ -95,7 +95,8 @@
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_nss documentation for a complete list.
-NSSCipherSuite -des,-rc2export,+rc4export,+desede3,+rc4,-rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5
+# SSL 3 ciphers. SSL 2 is disabled by default.
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
 
 NSSProtocol SSLv3,TLSv1
 
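Review bot: The added comment "# SSL 3 ciphers. SSL 2 is disabled by default." understates what the new NSSCipherSuite line controls, because the unchanged NSSProtocol SSLv3,TLSv1 line below it means the same list also applies to TLSv1 connections. I would word it as "SSLv3 and TLSv1 ciphers" and say that SSLv2 is kept off by NSSProtocol. The old line disabled the short-named entries (-des, -rc2export, -rc2) explicitly, while the new one omits them altogether. Separately, the list still opens with +rsa_rc4_128_md5. If that suite is only kept for client compatibility, a one-line comment saying so would help, and otherwise consider switching it to -rsa_rc4_128_md5 so the enabled set is limited to the SHA-based RC4, 3DES and AES entries.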