[Freeipa-devel] [PATCH] 356 update dogtag configuration to work with NSS CVE-2009-3555 fixes

John Dennis jdennis at redhat.com
Wed Jan 27 20:48:50 UTC 2010


On 01/27/2010 03:35 PM, Rob Crittenden wrote:
> NSS is going to disallow all SSL renegotiation by default. Because of
> this we need to always use the agent port of the dogtag server which
> always requires SSL client authentication. The end user port will prompt
> for a certificate if required but will attempt to re-do the handshake to
> make this happen which will fail with newer versions of NSS.
>
> This fixed version of NSS is currently in Fedora updates-testing but
> this patch should work with either release.

ACK

-- 
John Dennis <jdennis at redhat.com>
