Red Hat Bugzilla – Attachment 924484 Details for
Bug 1091316
Net::LDAP should not set ciphers to 'ALL' if not requested explicitly
[patch]
Upstream fix ported to 0.56
perl-ldap-0.56-Do-not-set-SSL_ciphers-to-ALL-by-default.patch (text/plain), 2.09 KB, created by
Petr Pisar
on 2014-08-06 13:50:16 UTC
>From 9a0188335ea83a5e0078d21624e8bb134ef21687 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> >Date: Thu, 24 Apr 2014 15:51:01 +0200 >Subject: [PATCH] Do not set SSL_ciphers to ALL by default >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >'ALL' cipher list is not the same as OpenSSL default. The 'ALL' >contains more ciphers. Some of them are too weak, some of them >prevents from using SSLv3 protocol. Then used SSLv2 protocol does not >support elliptic curve parameter negotion which can cause >interoperability issues when server picks a curve not supported by the >client. > >IO-Socket-SSL-1.955 supports special value '' (empty string) to >designed the OpenSSL default. However older IO-Socket-SSL recommends >not to set the option at all. > >Thus this patch sets SSL_ciphers only if Net::LDAP application passes >the ciphers option. > >Signed-off-by: Petr PÃsaÅ <ppisar@redhat.com> >--- > lib/Net/LDAP.pm | 3 ++- > lib/Net/LDAP.pod | 4 ++-- > 2 files changed, 4 insertions(+), 3 deletions(-) > >diff --git a/lib/Net/LDAP.pm b/lib/Net/LDAP.pm >index 03eb23f..99d227a 100644 >--- a/lib/Net/LDAP.pm >+++ b/lib/Net/LDAP.pm >@@ -243,7 +243,8 @@ sub _SSL_context_init_args { > } > > ( >- SSL_cipher_list => defined $arg->{ciphers} ? $arg->{ciphers} : 'ALL', >+ defined $arg->{ciphers} ? >+ ( SSL_cipher_list => defined $arg->{ciphers}) : (), > SSL_ca_file => exists $arg->{cafile} ? $arg->{cafile} : '', > SSL_ca_path => exists $arg->{capath} ? $arg->{capath} : '', > SSL_key_file => $clientcert ? $clientkey : undef, >diff --git a/lib/Net/LDAP.pod b/lib/Net/LDAP.pod >index 77a8400..c35508a 100644 >--- a/lib/Net/LDAP.pod >+++ b/lib/Net/LDAP.pod 
>@@ -779,8 +779,8 @@ B<'tlsv1'>. > > Specify which subset of cipher suites are permissible for this > connection, using the standard OpenSSL string format. The default >-value is B<'ALL'>, which permits all ciphers, even those that don't >-encrypt. >+behavior is to keep the decision on the underlying cryptographic >+library. > > =item clientcert =E<gt> '/path/to/cert.pem' > >-- >1.9.3 >
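Review bot: In the lib/Net/LDAP.pm hunk (_SSL_context_init_args), the added pair "( SSL_cipher_list => defined $arg->{ciphers})" passes the boolean result of defined rather than the caller's string, so an application that does pass the ciphers option ends up with SSL_cipher_list set to 1 instead of its cipher list. The value should be the option itself, "( SSL_cipher_list => $arg->{ciphers} ) : ()", and a test that passes an explicit ciphers value and checks the resulting argument list would catch this kind of slip.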
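Review bot: In the lib/Net/LDAP.pod hunk, the new wording "keep the decision on the underlying cryptographic library" is awkward and does not say what the module now does. Suggest "The default behavior is to leave the decision to the underlying cryptographic library", followed by a sentence stating that SSL_cipher_list is only passed when the ciphers option is given, so that applications which relied on the previous 'ALL' default know they now get the library's default cipher list.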
Attachments on bug 1091316: 924484 | 924493