Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 936872 Details for
Bug 1141105
Use ECC ciphers by default
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
patch to use ECC cipher suite by default
0001-use-ECC-cipher-suite-by-default-stronger-ciphers-PFS.patch (text/plain), 4.30 KB, created by
Adam Williamson
on 2014-09-12 08:39:04 UTC
(
hide
)
Description:
patch to use ECC cipher suite by default
Filename:
MIME Type:
Creator:
Adam Williamson
Created:
2014-09-12 08:39:04 UTC
Size:
4.30 KB
patch
obsolete
>From ff41394466986413661f9c551989e9eb026e41f0 Mon Sep 17 00:00:00 2001 >From: Adam Williamson <awilliam@redhat.com> >Date: Fri, 12 Sep 2014 01:33:10 -0700 >Subject: [PATCH] use ECC cipher suite by default (stronger ciphers, PFS > support) > >--- > mod_nss-1.0.9-ecc_ciphers.patch | 18 ++++++++++++++++++ > mod_nss.spec | 8 +++++++- > 2 files changed, 25 insertions(+), 1 deletion(-) > create mode 100644 mod_nss-1.0.9-ecc_ciphers.patch > >diff --git a/mod_nss-1.0.9-ecc_ciphers.patch b/mod_nss-1.0.9-ecc_ciphers.patch >new file mode 100644 >index 0000000..b0a9d4a >--- /dev/null >+++ b/mod_nss-1.0.9-ecc_ciphers.patch >@@ -0,0 +1,18 @@ >+--- mod_nss-1.0.9/nss.conf.in 2014-09-12 01:19:04.730738524 -0700 >++++ mod_nss-1.0.9/nss.conf.in.new 2014-09-12 01:26:07.119247753 -0700 >+@@ -103,13 +103,13 @@ >+ # See the mod_nss documentation for a complete list. >+ >+ # SSL 3 ciphers. SSL 2 is disabled by default. >+-NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha >++#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha >+ >+ # SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default. >+ # >+ # Comment out the NSSCipherSuite line above and use the one below if you have >+ # ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography >+-#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha >++NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha >+ >+ # SSL Protocol: >+ # Cryptographic protocols that provide communication security. >diff --git a/mod_nss.spec b/mod_nss.spec >index 7770a3f..6f07cb2 100644 >--- a/mod_nss.spec >+++ b/mod_nss.spec >@@ -6,7 +6,7 @@ > > Name: mod_nss > Version: 1.0.9 >-Release: 2%{?dist} >+Release: 3%{?dist} > Summary: SSL/TLS module for the Apache HTTP server > Group: System Environment/Daemons > License: ASL 2.0 >@@ -31,6 +31,8 @@ Requires: %{_libdir}/libnssckbi.so > Patch1: mod_nss-conf.patch > # Generate a password-less NSS database > Patch2: mod_nss-gencert.patch >+# Use ECC ciphers by default (stronger, support PFS) >+Patch3: mod_nss-1.0.9-ecc_ciphers.patch > > %description > The mod_nss module provides strong cryptography for the Apache Web >@@ -42,6 +44,7 @@ security library. > %setup -q > %patch1 -p1 -b .conf > %patch2 -p1 -b .gencert >+%patch3 -p1 -b .ecc > > # Touch expression parser sources to prevent regenerating it > touch nss_expr_*.[chyl] >@@ -153,6 +156,9 @@ fi > %{_sbindir}/gencert > > %changelog >+* Fri Sep 12 2014 Adam Williamson <awilliam@redhat.com> - 1.0.9-3 >+- use ECC cipher suite by default (stronger ciphers, PFS support) >+ > * Thu Aug 28 2014 Rob Crittenden <rcritten@redhat.com> - 1.0.9-2 > - Add explicit BuildRequires for autoconf, automake and libtool > >-- >2.1.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=936872">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1141105
: 936872