Bug 1828727

Summary: sslVersionMin: new default value: TLS1.2
Product: Red Hat Directory Server Reporter: Marc Muehlfeld <mmuehlfe>
Component: Doc-config-command-file-referenceAssignee: Marc Muehlfeld <mmuehlfe>
Status: CLOSED CURRENTRELEASE QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high    
Version: 11.0CC: mreynolds, pasik, rhel-docs, vashirov
Target Milestone: ---   
Target Release: dirsrv-11.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
.Directory Server sets the `sslVersionMin` parameter based on the system-wide crypto policy By default, Directory Server now sets the value of the `sslVersionMin` parameter based on the system-wide crypto policy. If you set the crypto policy profile in the `/etc/crypto-policies/config` file to: * `DEFAULT`, `FUTURE`, or `FIPS`, Directory Server sets `sslVersionMin` to `TLS1.2` * `LEGACY`, Directory Server sets `sslVersionMin` to `TLS1.0` Alternatively, you can manually set `sslVersionMin` to higher value than the one defined in the crypto policy: ---- # dsconf -D "cn=Directory Manager" __ldap://server.example.com__ security set --tls-protocol-min TLS1.3 ----
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-09 10:08:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marc Muehlfeld 2020-04-28 09:13:48 UTC 
Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#sslVersionMin


Section Number and Name: 
3.1.4.17. sslVersionMin


Describe the issue: 
The default value of sslVersionMin has been changed from TLS1.0 to TLS1.2.
See https://pagure.io/389-ds-base/c/e034c29


Suggestions for improvement: 
* Fix the default value in the Configuration, Command, and File Reference.
* Write a release note
Comment 9 Marc Muehlfeld 2020-07-09 10:08:59 UTC 
The updated documentation is now available on the Customer Portal:

* The updated parameter description in the Configuration, Command, and File Reference:
  https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#sslVersionMin

* I rewrote the following two short sections in the Admin Guide:
  * https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index?lb_target=production#settings-the-minimum-tls-encryption-protocol-version
  * https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index?lb_target=production#settings-the-highest-tls-encryption-protocol-version

* I added the RN:
  https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/release_notes/index?lb_target=production#highlighted-updates-and-new-features-11.1