IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity
639bb71940
freeipa/ipalib
History
Christian Heimes 639bb71940 Don't hard-code client's TLS versions and ciphers 
Client connections no longer override TLS version range and ciphers by
default. Instead clients use the default settings from the system's
crypto policy.

Minimum TLS version is now TLS 1.2. The default crypto policy on
RHEL 8 sets TLS 1.2 as minimum version, while Fedora 31 sets TLS 1.0 as
minimum version. The minimum version is configured with OpenSSL 1.1.1
APIs. Python 3.6 lacks the setters to override the system policy.

The effective minimum version is always TLS 1.2, because FreeIPA
reconfigures Apache HTTPd on Fedora.

Fixes: https://pagure.io/freeipa/issue/8125
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2019-12-02 16:48:07 +01:00
..
install Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
__init__.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
aci.py Py3: Replace six.string_types with str 2018-09-27 16:11:18 +02:00
backend.py Fix Pylint 2.0 violations 2018-07-14 12:04:19 +02:00
base.py Py3: Replace six.string_types with str 2018-09-27 16:11:18 +02:00
capabilities.py Replace LooseVersion 2016-11-24 15:46:40 +01:00
cli.py make sure IPA_CONFDIR is used to check that client is configured 2019-01-10 11:24:08 +01:00
config.py Don't hard-code client's TLS versions and ciphers 2019-12-02 16:48:07 +01:00
constants.py Don't hard-code client's TLS versions and ciphers 2019-12-02 16:48:07 +01:00
crud.py ipalib, ipaserver: fix incorrect API.register calls in docstrings 2016-05-25 16:06:26 +02:00
dns.py dnsrecord-mod: allow to modify ttl without passing the record 2019-07-01 09:16:21 +02:00
errors.py Require UTF-8 fs encoding 2017-11-21 16:13:28 +01:00
frontend.py Fixed errors newly exposed by pylint 2.4.0 2019-09-25 20:14:06 +10:00
krb_utils.py Allow login to WebUI using Kerberos aliases/enterprise principals 2017-03-08 15:56:11 +01:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
messages.py Handle missing LWCA certificate or chain 2019-06-18 10:36:24 +10:00
misc.py Add fix for ipa plugins command 2017-02-17 10:22:07 +01:00
output.py Generate same API.txt under Python 2 and 3 2018-02-15 09:41:30 +01:00
parameters.py DNParam: raise Exception when multiple values provided to a 1-val param 2019-11-20 11:15:28 +01:00
pkcs10.py Remove pkcs10 module contents 2017-10-25 09:46:41 +02:00
plugable.py Removed unnecessary imports after code review. 2019-09-27 09:38:32 +02:00
request.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
rpc.py rpc: always read response 2018-11-07 08:39:42 +01:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
text.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
util.py Don't hard-code client's TLS versions and ciphers 2019-12-02 16:48:07 +01:00
x509.py move MSCSTemplate classes to ipalib 2019-07-17 17:58:58 +03:00