Resolves: Bug 994599 - Enable TLS 1.2 by default

This commit is contained in:
Elio Maldonado 2014-10-16 16:36:18 -07:00
parent 1765d80a6c
commit 3e2a0ea4de
2 changed files with 45 additions and 1 deletions

View File

@ -19,7 +19,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.17.2 Version: 3.17.2
Release: 1%{?dist} Release: 2%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -91,6 +91,8 @@ Patch49: nss-skip-bltest-and-fipstest.patch
# headers are older. Such is the case when starting an update with API changes or even private export changes. # headers are older. Such is the case when starting an update with API changes or even private export changes.
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it. # Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
Patch50: iquote.patch Patch50: iquote.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
Patch51: tls12.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -178,6 +180,9 @@ low level services.
%patch47 -p0 -b .templates %patch47 -p0 -b .templates
%patch49 -p0 -b .skipthem %patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote %patch50 -p0 -b .iquote
pushd nss
%patch51 -p1 -b .994599
popd
######################################################### #########################################################
# Higher-level libraries and test tools need access to # Higher-level libraries and test tools need access to
@ -761,6 +766,9 @@ fi
%changelog %changelog
* Thu Oct 16 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-2
- Resolves: Bug 994599 - Enable TLS 1.2 by default
* Sun Oct 12 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1 * Sun Oct 12 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1
- Update to nss-3.17.2 - Update to nss-3.17.2

36
tls12.patch Normal file
View File

@ -0,0 +1,36 @@
# HG changeset patch
# User Martin Thomson <martin.thomson@gmail.com>
# Date 1413479112 25200
# Thu Oct 16 10:05:12 2014 -0700
# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
# Parent 24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
Bug 1083900 - Updating default maximum version to 1.2
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
PR_FALSE /* enableFallbackSCSV */
};
/*
* default range of enabled SSL/TLS protocols
*/
static SSLVersionRange versions_defaults_stream = {
SSL_LIBRARY_VERSION_3_0,
- SSL_LIBRARY_VERSION_TLS_1_0
+ SSL_LIBRARY_VERSION_TLS_1_2
};
static SSLVersionRange versions_defaults_datagram = {
SSL_LIBRARY_VERSION_TLS_1_1,
- SSL_LIBRARY_VERSION_TLS_1_1
+ SSL_LIBRARY_VERSION_TLS_1_2
};
#define VERSIONS_DEFAULTS(variant) \
(variant == ssl_variant_stream ? &versions_defaults_stream : \
&versions_defaults_datagram)
sslSessionIDLookupFunc ssl_sid_lookup;
sslSessionIDCacheFunc ssl_sid_cache;