* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme

- use esmith::ssl to set ciphers and protocol [SME: 12824]
2025-01-18 15:45:29 -05:00
parent fa9114f3c5
commit e4b1d014bc
3 changed files with 9 additions and 14 deletions


@@ -1,15 +1,8 @@
TLSCipherSuite { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
TLSProtocolMin { my $TLSProtocolMin = $ldap{TLSProtocolMin} || 'TLSv1.2';
if ( $TLSProtocolMin eq 'SSLv3' ){
$OUT = " 3.0";
} elsif ( $TLSProtocolMin eq 'TLSv1.0' || $TLSProtocolMin eq 'TLSv1' ){
$OUT = " 3.1";
} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
$OUT = " 3.2";
} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
$OUT = " 3.3";
}
{
use esmith::ssl;
$OUT = "TLSCipherSuite ". ( $ldap{CipherSuite} || $modSSL{CipherSuite} || $smeCiphers ) ."\n";
my $TLSProtocolMin = ( (exists $ldap{'TLSProtocolMin'} ) && (exists $existingSSLprotos{$ldap{'TLSProtocolMin'}} ) ) ? SSLprotoLDAP($ldap{'TLSProtocolMin'}) : SSLprotoLDAP();
$OUT .= "TLSProtocolMin ". $TLSProtocolMin ."\n";
}
TLSCACertificateFile /etc/openldap/ssl/slapd.pem
TLSCertificateFile /etc/openldap//ssl/slapd.pem
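Review bot: On the new `my $TLSProtocolMin = ...` line, a configured `$ldap{'TLSProtocolMin'}` that is not a key of `%existingSSLprotos` is silently replaced by the `SSLprotoLDAP()` default, so a mistyped or unsupported hardening value ends up as the default floor without any warning. The contents of `%existingSSLprotos` and that default presumably come from esmith::ssl, which is outside this hunk. It is worth confirming that the removed code's `'TLSv1'` alias and other values administrators may already have stored are still recognised, and that the hash cannot select a minimum below the intended floor. I would report the fallback, e.g. `warn "ldap TLSProtocolMin '$ldap{'TLSProtocolMin'}' not recognised, using default\n" if exists $ldap{'TLSProtocolMin'} && !exists $existingSSLprotos{$ldap{'TLSProtocolMin'}};`. The per-service `CipherSuite` override on the line above is written into the generated config without a comparable check.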