We need to make Directory Server support the following ciphers: TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA The version of NSS we use already has support for these ciphers, so all we should need to do is add config name mappings for each of these.
Created attachment 140730 [details] CVS Diffs
Ok. Do we need to add these to admin server, or is that automatically handled because we are using mod_nss? Do we need to add these to the server config attribute nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5, +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+f ortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_ rsa_export1024_with_des_cbc_sha
The ECC ciphers will be available in the admin server assuming that mod_nss was built with --enable-ecc. Once that is done all you'd need to do is add the ECC ciphers to the mod_nss directive NSSCipherSuite and they should work.