mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-26 16:16:31 -06:00
3509545897
SSF_MINX 56 level ensures data integrity and confidentiality for SASL GSSAPI and SASL GSS SPNEGO connections. Although at least AES128 is enforced pretty much everywhere, 56 is required for backwards compatibility with systems that announce wrong SSF.

Related: https://pagure.io/freeipa/issue/7140
Related: https://pagure.io/freeipa/issue/4580
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
15 lines
388 B
Plaintext
# config
# pretend SSF for LDAPI connections
# nsslapd-localssf must be equal to or greater than nsslapd-minssf
dn: cn=config
changetype: modify
replace: nsslapd-localssf
nsslapd-localssf: 256

# minimum security strength factor for SASL and TLS
# 56 is considered weak, but some old clients announce wrong SSF.
dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 56
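
An added example, not part of the FreeIPA repository: a Python check that parses an update file like the one above and reports when nsslapd-localssf is lower than nsslapd-minssf, or when nsslapd-minssf falls below a local policy floor. The function names, the `policy_floor` value of 128 and the sample input are assumptions made for illustration.

```python
import re

# Constructed sample input mirroring the update file on this page.
SAMPLE_LDIF = """\
dn: cn=config
changetype: modify
replace: nsslapd-localssf
nsslapd-localssf: 256

# 56 is considered weak, but some old clients announce wrong SSF.
dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 56
"""

def parse_replaces(ldif_text):
    """Collect integer values set by 'replace:' mods on cn=config (last wins)."""
    values = {}
    for record in re.split(r"\n\s*\n", ldif_text):
        dn = pending = None
        for raw in record.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line == "-":  # separator between mods inside one record
                pending = None
                continue
            key, _, val = line.partition(":")
            key, val = key.strip().lower(), val.strip()
            if key == "dn":
                dn = val.lower()
            elif key == "replace":
                pending = val.lower()
            elif key == pending and dn == "cn=config":
                values[key] = int(val)
    return values

def audit_ssf(ldif_text, policy_floor=128):
    """policy_floor is a hypothetical site threshold, not a FreeIPA setting."""
    v = parse_replaces(ldif_text)
    minssf, localssf = v.get("nsslapd-minssf"), v.get("nsslapd-localssf")
    findings = []
    if minssf is not None and localssf is not None and localssf < minssf:
        findings.append(f"error: nsslapd-localssf {localssf} < nsslapd-minssf {minssf}")
    if minssf is not None and minssf < policy_floor:
        findings.append(f"warn: nsslapd-minssf {minssf} below policy floor {policy_floor}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssf(SAMPLE_LDIF)) or "ok")
```

Run against the sample, the check passes the localssf constraint and reports only the compatibility value of 56 as below the assumed floor.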