On 11/25/2014 09:35 AM, Jan Cholasta wrote:
> Dne 24.11.2014 v 15:59 Rob Crittenden napsal(a):
...
>>> 2) Configure mod_nss to also support TLS 1.2. It should be done on both
>>> server install and upgrade. This requires a new version of mod_nss.
>>
>> mod_nss 1.0.10 in F-21 and rawhide should both support TLS 1.2 today.
>>
>> mod_nss is also very tolerant of bad/unknown protocols. It won't blow up
>> on unknown protocols.
>>
>> So if the given mod_nss doesn't support TLSv1.2 it will simply report an
>> error about an unknown protocol and configure the server for 1.0/1.1 if
>> configured as:
>>
>> NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
> 
> The attached patch 379 fixes this.

Works for me, ACK!

Pushed to:
master: bef1d18878118aea379659bb10d78c1e955b0b63
ipa-4-1: dc443cc4503822cb35c3693e5e525425573140f2

Martin


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to