Back to bug 1327065
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| German Parente | 2016-04-14 08:31:51 UTC | CC | msauton | |
| Têko Mihinto | 2016-04-14 09:46:31 UTC | CC | tmihinto | |
| Noriko Hosoi | 2016-04-14 18:05:01 UTC | CC | emaldona | |
| Flags | needinfo?(emaldona) | |||
| Elio Maldonado Batiz | 2016-04-14 18:50:21 UTC | Flags | needinfo?(emaldona) | |
| Noriko Hosoi | 2016-04-18 18:20:30 UTC | CC | wibrown | |
| Tomas Hajek | 2016-04-19 14:50:56 UTC | CC | hajek | |
| Gerald Prock | 2016-04-20 18:03:00 UTC | CC | gerald.prock | |
| Noriko Hosoi | 2016-04-26 00:55:13 UTC | Status | NEW | POST |
| wibrown | 2016-05-20 00:52:06 UTC | CC | nhosoi | |
| Flags | needinfo?(nhosoi) | |||
| Noriko Hosoi | 2016-05-31 18:24:31 UTC | Flags | needinfo?(nhosoi) | |
| Amy Farley | 2016-06-12 16:36:19 UTC | CC | afarley | |
| Chris Williams | 2016-07-14 15:34:56 UTC | Blocks | 1269194 | |
| Martin Kosek | 2016-08-18 09:48:51 UTC | Blocks | 1365846 | |
| Noriko Hosoi | 2016-10-06 20:28:57 UTC | Status | POST | MODIFIED |
| Fixed In Version | 389-ds-base-1.2.11.15-83.el6 | |||
| errata-xmlrpc | 2016-10-06 21:02:46 UTC | Status | MODIFIED | ON_QA |
| Gaurav Swami | 2016-11-14 15:53:23 UTC | CC | gswami | |
| Noriko Hosoi | 2017-01-10 18:48:58 UTC | Doc Text | Cause: Java is unable to handle DH param's greater than 1024 bit. As of NSS 2.20 and higher, nss defaults to params of 2048 bit. Consequence: This breaks all java clients. Fix: This adds a new option, allowWeakDHParams that allows nss to generate and use insecure DH params that Java would be capable of using. Result: By enabling allowWeakDHParams, applications that relies on weak DH can communicate with the Directory server linked with NSS 2.20 and higher. |
|
| Marc Muehlfeld | 2017-01-11 17:19:36 UTC | Docs Contact | mmuehlfe | |
| Sankar Ramalingam | 2017-01-18 12:20:52 UTC | Status | ON_QA | VERIFIED |
| CC | sramling | |||
| Marc Muehlfeld | 2017-01-19 07:45:06 UTC | Doc Text | Cause: Java is unable to handle DH param's greater than 1024 bit. As of NSS 2.20 and higher, nss defaults to params of 2048 bit. Consequence: This breaks all java clients. Fix: This adds a new option, allowWeakDHParams that allows nss to generate and use insecure DH params that Java would be capable of using. Result: By enabling allowWeakDHParams, applications that relies on weak DH can communicate with the Directory server linked with NSS 2.20 and higher. | Directory Server now supports configuring weak DH parameters The network security services (NSS) libraries, linked with the Red Hat Directory Server, require a minimum of 2048-bit Diffie-Hellman (DH) parameters. However, Java 1.6 and 1.7 supports only 1024-bit DH parameters. As a consequence, clients using these Java versions were unable to connect to Directory Server using encrypted connections. This update adds the "allowWeakDHParam" parameter to the "cn=encryption,cn=config" entry. As a result, if this parameter is enabled, affected clients can now connect using weak DH parameters. |
| Flags | needinfo?(nhosoi) | |||
| Noriko Hosoi | 2017-01-19 23:41:44 UTC | Flags | needinfo?(nhosoi) | |
| errata-xmlrpc | 2017-03-21 00:57:49 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2017-03-21 10:20:59 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-03-21 06:20:59 UTC | |||
| Simon Pichugin | 2020-09-13 21:42:46 UTC | Link ID | Github 389ds/389-ds-base/issues/1858 |
Back to bug 1327065