[Freeipa-devel] [PATCH] 356 update dogtag configuration to work with NSS CVE-2009-3555 fixes

Rob Crittenden rcritten at redhat.com
Wed Jan 27 20:35:59 UTC 2010


NSS is going to disallow all SSL renegotiation by default. Because of 
this, we need to always use the agent port of the dogtag server, which 
always requires SSL client authentication. The end user port will prompt 
for a certificate if required, but will attempt to re-do the handshake to 
make this happen, which will fail with newer versions of NSS.

This fixed version of NSS is currently in Fedora updates-testing but 
this patch should work with either release.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-356-dogtag.patch
Type: application/mbox
Size: 4296 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100127/9d4f2814/attachment.mbox>

