You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description of problem:
Error message have duplicate alters when you try to set sslVersionMin = "ssl2"
Version-Release number of selected component (if applicable):
[root@dhcp201-167 /]# rpm -qa | grep 389
389-ds-base-libs-1.3.4.0-13.el7.x86_64
389-ds-base-1.3.4.0-13.el7.x86_64
How reproducible:
Always
Steps to Reproduce:
=====================
1. set values ::
nsTLS1: on
nsSSL2: off
nsSSL3: off
AND
> > sslVersionMin: TLS1.0
> > sslVersionMax: TLS1.2
2. Now try modify sslVersionMin to "ssl2"
Actual results:
=================
Error Logs ::
[20/Aug/2015:15:22:01 +051800] - SSL alert: Security Initialization: The value
of sslVersionMin "ssl2" is lower than the supported version; the default value
"SSL3" is used.
[20/Aug/2015:15:22:01 +051800] - SSL alert: nsTLS1 is on, but the version range
is lower than "TLS1.0"; Configuring the version range as default min: TLS1.0,
max: TLS1.2.
[20/Aug/2015:15:22:01 +051800] SSL Initialization - Configured SSL version
range: min: TLS1.0, max: TLS1.2
[20/Aug/2015:15:22:01 +051800] - 389-Directory/1.3.4.0 B2015.231.1727 starting
up
[20/Aug
Expected results:
==================
First alert is misleading in error logs which says -- SSL alert: Security
Initialization: The value of sslVersionMin "ssl2" is lower than the supported
version; the default value "SSL3" is used.
While actual setting Server does is -- SSL alert: nsTLS1 is on, but the version
range is lower than "TLS1.0"; Configuring the version range as default min:
TLS1.0, max: TLS1.2.
So server should not log the first alert at all.
Second alert is accurate and enough.
Additional info:
Check https://bugzilla.redhat.com/show_bug.cgi?id=1044191#c9 for more details
regarding original fix.
FOR QA - there is a test case trac605 in ssl.sh for this bug.
The text was updated successfully, but these errors were encountered:
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/48291
Description of problem:
Error message have duplicate alters when you try to set sslVersionMin = "ssl2"
The text was updated successfully, but these errors were encountered: