On 11/25/2014 09:35 AM, Jan Cholasta wrote:
> Dne 24.11.2014 v 15:59 Rob Crittenden napsal(a):
>>> 2) Configure mod_nss to also support TLS 1.2. It should be done on both
>>> server install and upgrade. This requires a new version of mod_nss.
>> mod_nss 1.0.10 in F-21 and rawhide should both support TLS 1.2 today.
>> mod_nss is also very tolerant of bad/unknown protocols. It won't blow up
>> on unknown protocols.
>> So if the given mod_nss doesn't support TLSv1.2 it will simply report an
>> error about an unknown protocol and configure the server for 1.0/1.1 if
>> configured as:
>> NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
> The attached patch 379 fixes this.
Works for me, ACK!
Freeipa-devel mailing list