Bug 1828727 - sslVersionMin: new default value: TLS1.2
Summary: sslVersionMin: new default value: TLS1.2
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Doc-config-command-file-reference
Version: 11.0
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
: dirsrv-11.1
Assignee: Marc Muehlfeld
QA Contact: RHDS QE
Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-04-28 09:13 UTC by Marc Muehlfeld
Modified: 2020-07-28 09:04 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
.Directory Server sets the `sslVersionMin` parameter based on the system-wide crypto policy

By default, Directory Server now sets the value of the `sslVersionMin` parameter based on the system-wide crypto policy. If you set the crypto policy profile in the `/etc/crypto-policies/config` file to:

* `DEFAULT`, `FUTURE`, or `FIPS`, Directory Server sets `sslVersionMin` to `TLS1.2`
* `LEGACY`, Directory Server sets `sslVersionMin` to `TLS1.0`

Alternatively, you can manually set `sslVersionMin` to a higher value than the one defined in the crypto policy:

----
# dsconf -D "cn=Directory Manager" __ldap://server.example.com__ security set --tls-protocol-min TLS1.3
----
Clone Of:
Environment:
Last Closed: 2020-07-09 10:08:59 UTC
Target Upstream Version:
Embargoed:



Description Marc Muehlfeld 2020-04-28 09:13:48 UTC
Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#sslVersionMin


Section Number and Name: 
3.1.4.17. sslVersionMin


Describe the issue: 
The default value of sslVersionMin has been changed from TLS1.0 to TLS1.2.
See https://pagure.io/389-ds-base/c/e034c29


Suggestions for improvement: 
* Fix the default value in the Configuration, Command, and File Reference.
* Write a release note
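
The profile-to-minimum mapping from the Doc Text above, turned into a small audit check that flags a configured `sslVersionMin` below the policy-derived default. This is an added example, not code from this bug or from 389-ds-base; the function names are hypothetical, and the config parsing (comments, ignored `:SUBPOLICY` suffix) and the choice to report a lower value as a finding are assumptions.

```shell
# Added example; function names are hypothetical, not part of 389-ds-base.

# Print the base profile from a crypto-policies config file.
# Assumption: '#' starts a comment and a ':SUBPOLICY' suffix is ignored.
policy_profile() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | head -n 1 | cut -d: -f1
}

# Map a profile to the sslVersionMin default given in the Doc Text.
policy_tls_min() {
    case "$1" in
        DEFAULT|FUTURE|FIPS) echo TLS1.2 ;;
        LEGACY)              echo TLS1.0 ;;
        *)                   return 1 ;;  # custom profile: not covered by the Doc Text
    esac
}

# Turn TLS1.0..TLS1.3 into a comparable integer (10..13).
tls_rank() {
    case "$1" in
        TLS1.[0-3]) echo "1${1#TLS1.}" ;;
        *)          return 1 ;;
    esac
}

# audit_min CONFIG_FILE CONFIGURED_VALUE
# Prints "ok" if the configured minimum is at or above the policy-derived
# default, "below-policy" if not; returns 2 if either input is unrecognised.
audit_min() {
    profile=$(policy_profile "$1")
    floor=$(policy_tls_min "$profile") || return 2
    have=$(tls_rank "$2") || return 2
    want=$(tls_rank "$floor") || return 2
    if [ "$have" -ge "$want" ]; then echo ok; else echo below-policy; fi
}

# Constructed sample config, so the example runs without reading /etc.
sample=$(mktemp)
printf '# constructed sample\nDEFAULT:NO-SHA1\n' > "$sample"
audit_min "$sample" TLS1.0   # prints: below-policy
rm -f "$sample"
```

To audit a live host, pass `/etc/crypto-policies/config` and the `sslVersionMin` value read from the instance's configuration.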

