Client connections no longer override TLS version range and ciphers by
default. Instead clients use the default settings from the system's
crypto policy.
Minimum TLS version is now TLS 1.2. The default crypto policy on
RHEL 8 sets TLS 1.2 as minimum version, while Fedora 31 sets TLS 1.0 as
minimum version. The minimum version is configured with OpenSSL 1.1.1
APIs. Python 3.6 lacks the setters to override the system policy.
The effective minimum version is always TLS 1.2, because FreeIPA
reconfigures Apache HTTPd on Fedora.
Fixes: https://pagure.io/freeipa/issue/8125
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
On non-usrmerge systems (e.g., Debian), bash, mv, cp, cat, tail,
keyctl, and gzip live in /bin, not /usr/bin.
On usrmerge systems, /bin is a symlink to /usr/bin (or vice versa), so
this has no effect.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Get the value of `PAGER` environment variable in case it's defined, check the executable, if it exists - use a pager, otherwise - print function.
Fixes: https://pagure.io/freeipa/issue/7746
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
