freeipa/ipaplatform/redhat
Christian Heimes b57c818fab Use only TLS 1.2 by default
TLS 1.3 is causing some trouble with client cert authentication.
Conditional client cert authentication requires post-handshake
authentication extension on TLS 1.3. The new feature is not fully
implemented yet.

TLS 1.0 and 1.1 are no longer state of the art and now disabled by
default.

TLS 1.2 works everywhere and supports PFS.

Related: https://pagure.io/freeipa/issue/7667

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-07-01 14:55:29 +02:00
..
__init__.py Split off generic Red Hat-like platform code from Fedora platform code 2014-10-09 15:37:24 +02:00
authconfig.py Fix authselect invocations to work with 1.0.2 2018-11-29 16:57:33 +01:00
constants.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
paths.py Migration from authconfig to authselect 2018-04-27 14:01:33 +02:00
services.py Add ExecStartPost hook to wait for Dogtag PKI 2019-04-24 09:09:28 +02:00
tasks.py Use only TLS 1.2 by default 2019-07-01 14:55:29 +02:00