From e4b1d014bc0eba5b3ab5d0429791ed36fd98e3e7 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Pialasse
Date: Sat, 18 Jan 2025 15:45:29 -0500
Subject: [PATCH] * Sat Jan 18 2025 Jean-Philippe Pialasse 11.0.0-11.sme - use esmith::ssl to set ciphers and protocol [SME: 12824]
---
 contriborbase | 1 -
 .../templates/etc/openldap/slapd.conf/12tls | 17 +++++------------
 smeserver-ldap.spec | 5 ++++-
 3 files changed, 9 insertions(+), 14 deletions(-)
 delete mode 100644 contriborbase
diff --git a/contriborbase b/contriborbase
deleted file mode 100644
index ef36a67..0000000
--- a/contriborbase
+++ /dev/null
@@ -1 +0,0 @@
-sme10
diff --git a/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls b/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
index 0086174..a0bbfeb 100644
--- a/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
+++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
@@ -1,15 +1,8 @@
-
-TLSCipherSuite { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
-TLSProtocolMin { my $TLSProtocolMin = $ldap{TLSProtocolMin} || 'TLSv1.2';
-if ( $TLSProtocolMin eq 'SSLv3' ){
- $OUT = " 3.0";
-} elsif ( $TLSProtocolMin eq 'TLSv1.0' || $TLSProtocolMin eq 'TLSv1' ){
- $OUT = " 3.1";
-} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
- $OUT = " 3.2";
-} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
- $OUT = " 3.3";
-}
+{
+ use esmith::ssl;
+ $OUT = "TLSCipherSuite ". ( $ldap{CipherSuite} || $modSSL{CipherSuite} || $smeCiphers ) ."\n";
+ my $TLSProtocolMin = ( (exists $ldap{'TLSProtocolMin'} ) && (exists $existingSSLprotos{$ldap{'TLSProtocolMin'}} ) ) ? SSLprotoLDAP($ldap{'TLSProtocolMin'}) : SSLprotoLDAP();
+ $OUT .= "TLSProtocolMin ". $TLSProtocolMin ."\n";
 }
 TLSCACertificateFile /etc/openldap/ssl/slapd.pem
 TLSCertificateFile /etc/openldap//ssl/slapd.pem
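Review bot: The added `TLSCipherSuite` line in the 12tls fragment still emits `$ldap{CipherSuite}` or `$modSSL{CipherSuite}` verbatim, while the `TLSProtocolMin` value beside it is only accepted when it is a key of `%existingSSLprotos`; an override left in the configuration database therefore keeps winning over `$smeCiphers` unchecked, and one containing a newline would put extra lines into slapd.conf. Consider accepting the override only when it looks like a cipher list, e.g. `my $c = $ldap{CipherSuite} || $modSSL{CipherSuite} || ''; $c = $smeCiphers unless $c =~ /\A[A-Za-z0-9:!+@=_.-]+\z/;`. An unrecognised `TLSProtocolMin` now falls back to `SSLprotoLDAP()` silently, so a `warn` (or a fixed `#` comment line appended to `$OUT`) would tell the admin that the setting was ignored. The patch does not show whether `esmith::ssl` exports `$smeCiphers`, `%existingSSLprotos` and `SSLprotoLDAP` by default, nor a `Requires:` in the spec for the package that ships it; both are worth confirming, since a failed `use` would presumably break expansion of this fragment.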
diff --git a/smeserver-ldap.spec b/smeserver-ldap.spec index e749f4f..0f01f08 100644 --- a/smeserver-ldap.spec +++ b/smeserver-ldap.spec @@ -4,7 +4,7 @@ Summary: smeserver server and gateway - LDAP module %define name smeserver-ldap Name: %{name} %define version 11.0.0 -%define release 10 +%define release 11 Version: %{version} Release: %{release}%{?dist} License: GPL @@ -29,6 +29,9 @@ Provides: e-smith-ldap smeserver server and gateway software - LDAP module. %changelog +* Sat Jan 18 2025 Jean-Philippe Pialasse 11.0.0-11.sme +- use esmith::ssl to set ciphers and protocol [SME: 12824] + * Tue Nov 12 2024 Jean-Philippe Pialasse 11.0.0-10.sme - send ldap logs to dedicated rsyslog file [SME: 12771]