Bug 669845
Summary: | Default encryption strength dropped in switch to using NSS | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Rich Megginson <rmeggins> |
Component: | openldap | Assignee: | Jan Vcelak <jvcelak> |
Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.1 | CC: | jplans, jvcelak, omoris, rmeggins, shaines, tsmetana, twhitehead |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openldap-2.4.23-7.el6 | Doc Type: | Bug Fix |
Doc Text: |
- Connecting to OpenLDAP server.
- After switching from OpenSSL to Mozilla NSS, client provides only a limited subset of cipher suites (the best with medium grade). From this reason encryption strength has dropped.
- More ciphers with better grade were added into default cipher suite list.
- OpenLDAP client now provides better cipher suites for stronger encryption support.
|
Story Points: | --- |
Clone Of: | 669446 | Environment: | |
Last Closed: | 2011-05-19 13:59:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 669446 | ||
Bug Blocks: |
Description
Rich Megginson
2011-01-15 00:20:21 UTC
Fixed in openldap-2.4.23-7.el6 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: - Connecting to OpenLDAP server. - After switching from OpenSSL to Mozilla NSS, client provides only a limited subset of cipher suites (the best with medium grade). From this reason encryption strength has dropped. - More ciphers with better grade were added into default cipher suite list. - OpenLDAP client now provides better cipher suites for stronger encryption support. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0673.html |