- mod_nss-cipherlist_update_for_tls12-doc.diff
mod_nss-cipherlist_update_for_tls12.diff
GCM mode and Camellia ciphers added to the supported ciphers list.
The additional ciphers are:
rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[bnc#863035]
- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
If 'NSSVerifyClient none' is set in the server / vhost context
(i.e. when server is configured to not request or require client
certificate authentication on the initial connection), and client
certificate authentication is expected to be required for a
specific directory via 'NSSVerifyClient require' setting,
mod_nss fails to properly require certificate authentication.
Remote attacker can use this to access content of the restricted
directories. [bnc#853039]
- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
* simultaneaous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for apache configuration, Listen directive
* module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
or mod_nss.conf, respectively. This also leads to the removal of
OBS-URL: https://build.opensuse.org/request/show/222758
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=8
