rpms / zarafa

Clone
Source Code
GIT

Files

el4 el5 el6 epel7 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 main rawhide
  1.   el5
  2.   zarafa-7.1.12-ssl_protocols_ciphers.patch
Blob Blame History Raw 
Patch by Robert Scheck <robert@fedoraproject.org> for Zarafa >= 7.1.12 which re-adds the whole
documentation that was initially proposed to upstream but lost when this feature was backported
from Zarafa 7.2 to the 7.1 series.

Proposed to upstream via e-mail on Sat, 8 Mar 2014 14:30:29 +0100, initial patch was put into
the upstream ticket https://jira.zarafa.com/browse/ZCP-12143.

--- zarafa-7.1.12/doc/manual.xml				2015-04-07 12:03:31.000000000 +0200
+++ zarafa-7.1.12/doc/manual.xml.ssl_protocols_ciphers		2015-04-07 17:05:47.000000000 +0200
@@ -4226,14 +4226,35 @@
 		  </varlistentry>
 
 		  <varlistentry>
-			<term><option>server_ssl_enable_v2</option></term>
+			<term><option>server_ssl_protocols</option></term>
 			<listitem>
-			  <para>Incoming SSL connections normally are v3.</para>
-			  <para>Default: <replaceable>no</replaceable>
-			  </para>
+			  <para>Disabled or enabled protocol names. Supported protocol names
+			  are <replaceable>SSLv2</replaceable>, <replaceable>SSLv3</replaceable>
+			  and <replaceable>TLSv1</replaceable>. If Zarafa was linked against
+			  OpenSSL 1.0.1 or later there is additional support for the new protocols
+			  <replaceable>TLSv1.1</replaceable> and <replaceable>TLSv1.2</replaceable>.
+			  To exclude both, SSLv2 and SSLv3 set <option>server_ssl_protocols</option>
+			  to <replaceable>!SSLv2 !SSLv3</replaceable>. SSLv2 is considered unsafe
+			  and these connections should not be accepted.</para>
+			  <para>Default: <replaceable>!SSLv2</replaceable></para>
+			</listitem>
+		  </varlistentry>
+
+		  <varlistentry>
+			<term><option>server_ssl_ciphers</option></term>
+			<listitem>
+			  <para>SSL ciphers to use, set to <replaceable>ALL</replaceable> for backward compatibility.</para>
+			  <para>Default: <replaceable>ALL:!LOW:!SSLv2:!EXP:!aNULL</replaceable></para>
 			</listitem>
 		  </varlistentry>
 
+		  <varlistentry>
+			<term><option>server_ssl_prefer_server_ciphers</option></term>
+			<listitem>
+			  <para>Prefer the server's order of SSL ciphers over client's.</para>
+			  <para>Default: <replaceable>no</replaceable></para>
+			</listitem>
+		  </varlistentry>
 		</variablelist>
 	  </refsection>
 
@@ -8090,11 +8111,32 @@
 		  </varlistentry>
 
 		  <varlistentry>
-			<term><option>ssl_enable_v2</option></term>
+			<term><option>ssl_protocols</option></term>
+			<listitem>
+			  <para>Disabled or enabled protocol names. Supported protocol names
+			  are <replaceable>SSLv2</replaceable>, <replaceable>SSLv3</replaceable>
+			  and <replaceable>TLSv1</replaceable>. If Zarafa was linked against
+			  OpenSSL 1.0.1 or later there is additional support for the new protocols
+			  <replaceable>TLSv1.1</replaceable> and <replaceable>TLSv1.2</replaceable>.
+			  To exclude both, SSLv2 and SSLv3 set <option>ssl_protocols</option>
+			  to <replaceable>!SSLv2 !SSLv3</replaceable>. SSLv2 is considered unsafe
+			  and these connections should not be accepted.</para>
+			  <para>Default: <replaceable>!SSLv2</replaceable></para>
+			</listitem>
+		  </varlistentry>
+
+		  <varlistentry>
+			<term><option>ssl_ciphers</option></term>
 			<listitem>
-			  <para>Accept SSLv2 only connections. SSLv2 is considered
-			  unsafe, and these connections should not be
-			  accepted.</para>
+			  <para>SSL ciphers to use, set to <replaceable>ALL</replaceable> for backward compatibility.</para>
+			  <para>Default: <replaceable>ALL:!LOW:!SSLv2:!EXP:!aNULL</replaceable></para>
+			</listitem>
+		  </varlistentry>
+
+		  <varlistentry>
+			<term><option>ssl_prefer_server_ciphers</option></term>
+			<listitem>
+			  <para>Prefer the server's order of SSL ciphers over client's.</para>
 			  <para>Default: <replaceable>no</replaceable></para>
 			</listitem>
 		  </varlistentry>
@@ -10091,11 +10133,32 @@
 		  </varlistentry>
 
 		  <varlistentry>
-			<term><option>ssl_enable_v2</option></term>
+			<term><option>ssl_protocols</option></term>
+			<listitem>
+			  <para>Disabled or enabled protocol names. Supported protocol names
+			  are <replaceable>SSLv2</replaceable>, <replaceable>SSLv3</replaceable>
+			  and <replaceable>TLSv1</replaceable>. If Zarafa was linked against
+			  OpenSSL 1.0.1 or later there is additional support for the new protocols
+			  <replaceable>TLSv1.1</replaceable> and <replaceable>TLSv1.2</replaceable>.
+			  To exclude both, SSLv2 and SSLv3 set <option>ssl_protocols</option>
+			  to <replaceable>!SSLv2 !SSLv3</replaceable>. SSLv2 is considered unsafe
+			  and these connections should not be accepted.</para>
+			  <para>Default: <replaceable>!SSLv2</replaceable></para>
+			</listitem>
+		  </varlistentry>
+
+		  <varlistentry>
+			<term><option>ssl_ciphers</option></term>
+			<listitem>
+			  <para>SSL ciphers to use, set to <replaceable>ALL</replaceable> for backward compatibility.</para>
+			  <para>Default: <replaceable>ALL:!LOW:!SSLv2:!EXP:!aNULL</replaceable></para>
+			</listitem>
+		  </varlistentry>
+
+		  <varlistentry>
+			<term><option>ssl_prefer_server_ciphers</option></term>
 			<listitem>
-			  <para>Accept SSLv2 only connections. SSLv2 is considered
-			  unsafe, and these connections should not be
-			  accepted.</para>
+			  <para>Prefer the server's order of SSL ciphers over client's.</para>
 			  <para>Default: <replaceable>no</replaceable></para>
 			</listitem>
 		  </varlistentry>
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.