Updating link to change in openSUSE:Factory/apache2-mod_nss revision 10.0

OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=3f744081ef38cb0b17351f48f11267f4
2014-11-06 15:50:15 +00:00 · 2014-11-06 15:50:15 +00:00 · 16cc1b3451
commit 16cc1b3451
parent 9a60ccd314
1 changed files with 61 additions and 0 deletions
--- a/mod_nss-add_support_for_enabling_TLS_v1.2.patch
+++ b/mod_nss-add_support_for_enabling_TLS_v1.2.patch
@ -0,0 +1,61 @@
 From 78c17097186a8cacfb237af67fdd87599a727e88 Mon Sep 17 00:00:00 2001
 From: Rob Crittenden <rcritten@redhat.com>
 Date: Thu, 16 Oct 2014 14:05:05 -0400
 Subject: [PATCH] Add support for enabling TLS v1.2
 If support is available in NSS then it is just a matter of including
 TLS 1.2 in the protocol range.
 ---
 docs/mod_nss.html | 97 ++++++++++++++++++++++++++++---------------------------
 mod_nss.c         |  4 +--
 nss.conf.in       |  2 +-
 nss_engine_init.c | 51 +++++++++++++++++------------
 nss_engine_vars.c |  3 ++
 5 files changed, 86 insertions(+), 71 deletions(-)
 Index: mod_nss-1.0.8/nss.conf.in
 ===================================================================
 --- mod_nss-1.0.8.orig/nss.conf.in
 +++ mod_nss-1.0.8/nss.conf.in
@@ -98,7 +98,7 @@ NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4
 # ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
 #NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
 -NSSProtocol SSLv3,TLSv1
 +NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
 #   SSL Certificate Nickname:
 #   The nickname of the RSA server certificate you are going to use.
 Index: mod_nss-1.0.8/nss_engine_vars.c
 ===================================================================
 --- mod_nss-1.0.8.orig/nss_engine_vars.c
 +++ mod_nss-1.0.8/nss_engine_vars.c
@@ -747,6 +747,9 @@ static char *nss_var_lookup_protocol_ver
                 case SSL_LIBRARY_VERSION_TLS_1_1:
                     result = "TLSv1.1";
                     break;
 +                case SSL_LIBRARY_VERSION_TLS_1_2:
 +                    result = "TLSv1.2";
 +                    break;
             }
         }
     }
 Index: mod_nss-1.0.8/nss_engine_init.c
 ===================================================================
 --- mod_nss-1.0.8.orig/nss_engine_init.c
 +++ mod_nss-1.0.8/nss_engine_init.c
@@ -758,12 +758,12 @@ static void nss_init_ctx_protocol(server
      * cannot be excluded from this range. NSS will automatically negotiate
      * to utilize the strongest acceptable protocol for a connection starting
      * with the maximum specified protocol and downgrading as necessary to the
 -     * minimum specified protocol (TLS 1.1 -> TLS 1.0 -> SSL 3.0).
 +     * minimum specified protocol (TLS 1.2 -> TLS 1.1 -> TLS 1.0 -> SSL 3.0).
      */
     if (stat == SECSuccess) {
         /* Set minimum protocol version (lowest -> highest)
          *
 -         *     SSL 3.0 -> TLS 1.0 -> TLS 1.1
 +         *     SSL 3.0 -> TLS 1.0 -> TLS 1.1 -> TLS 1.2
          */
         if (ssl3 == 1) {
             enabledVersions.min = SSL_LIBRARY_VERSION_3_0;