Bug 1160468
Summary: | support TLS 1.1 and later | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Rich Megginson <rmeggins> | ||||
Component: | openldap | Assignee: | Jan Synacek <jsynacek> | ||||
Status: | CLOSED ERRATA | QA Contact: | Eduard Benes <ebenes> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.1 | CC: | arubin, cg2v, ebenes, extras-qa, jsynacek, jv+fedora, mkosek, mreynolds, nkinder, phracek, pkis, pvoborni, qe-baseos-security, rh, rik.theys, rmeggins, sramling | ||||
Target Milestone: | rc | Keywords: | TestBlocker | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | openldap-2.4.39-4.el7 | Doc Type: | Enhancement | ||||
Doc Text: |
Feature: TLS 1.1 and later has been added.
Reason: To support latest secure transport.
Result: TLS 1.1 and later is now supported.
|
Story Points: | --- | ||||
Clone Of: | 1160467 | Environment: | |||||
Last Closed: | 2015-03-05 13:35:39 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1160466, 1160467, 1164889 | ||||||
Bug Blocks: | 746646 | ||||||
Attachments: |
|
Description
Rich Megginson
2014-11-04 21:42:53 UTC
Created attachment 956859 [details]
patch that was submitted to openldap
Patch has been submitted to openldap (ITS#7979) This is blocking 389-ds-base to be tested with latest versions of TLS1.1, TLS1.2 and above. Hence, marking this as testBlocker Hi, This change has already been implemented in Fedora 21 and resulted in another (unrelated) bug: see bugzilla 1172638 for my bug report against Fedora 21. It seems when the openldap server has olcTLSVerifyClient set to 'allow' this patch breaks TLS 1.1+ connections to that server. I've also filed OpenLDAP ITS 8002 in the upstream bug tracker for this. Hopefully this issue can be fixed before RHEL 7.1 (or 6.7) is released. Regards, Rik Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0597.html |