[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/ac6f573a3014aa09811ca1559d470afe75eadbec """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-280595283 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 tomaskrizek commented: """ Please update the commit title and description to make it clear that it also removes support of SSLv3. """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-280306512 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 HonzaCholasta commented: """ LGTM. """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-279935166 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 stlaz commented: """ Done. Also added a docstring to the `get_proper_tls_version_span()` function. """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-278252451 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 HonzaCholasta commented: """ @stlaz, you don't have to replace `root_logger` in old code, but don't use it in new code. """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-278028074 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 stlaz commented: """ Did not realize merging to Env from default constants was happening in the end of `_finalize_core()`, moved the checks in config.py accordingly. Also, for some reason, github shows `root_logger` issue as solved but it's not - should all `root_logger` appearances be replaces by a module-own logger? """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-277996232 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 stlaz commented: """ - I think we may need to discuss the support on Monday meeting, generally I think SSL 3.0 and TLS 1.0 should not be supported but there might be troubles with connectivity to legacy IPA servers - Yes, although in that case we would have to fail instead of falling back to "reasonable defaults" as Env object attribute values cannot be changed once set """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-273717304 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 tiran commented: """ * What is the point of supporting SSL 3.0, TLS 1.0 and TLS 1.1 on the client side these days? How about we remove ancient and potentially dangerous TLS versions completely? * Would it be possible to validate the values during API initialization? """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-273189049 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code