On 03/29/2016 04:42 PM, Adam Bishop wrote:
> On 29 Mar 2016, at 14:29, Adam Bishop <adam.bis...@jisc.ac.uk> wrote:
>> I could use a bit of help resolving this - full client debug follows. Both 
>> systems are running nss 3.19.1 which *should* support TLS1.2, so I'm unsure 
>> where to start fixing this.
> 
> Turns out to be a little easier to solve than I thought; the CentOS 6 client 
> was running an older version of NSS than I thought it was.
> 
> ipa-client-3.0.0-47.el6.centos.1.x86_64 defaults to requiring tls1.2, but 
> does not depend on a version of NSS that actually supports tls1.2.

I do not think it *requires* TLS 1.2, rather allows the said range - from TLS
1.0 to 1.2. This is the bug where the change was made:

https://bugzilla.redhat.com/show_bug.cgi?id=1154687

If an NSS Requires was not bumped properly (IIRC, we bumped just python-nss
Requires), it sounds like a bug. Bugzilla welcome!

Thanks,
Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
