From 16cc1b34518b9fc1352be59ad683674dec3856f79ce846fff0f1b335cd2ab629 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 6 Nov 2014 15:50:15 +0000 Subject: [PATCH] Updating link to change in openSUSE:Factory/apache2-mod_nss revision 10.0 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=3f744081ef38cb0b17351f48f11267f4 --- ...ss-add_support_for_enabling_TLS_v1.2.patch | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 mod_nss-add_support_for_enabling_TLS_v1.2.patch diff --git a/mod_nss-add_support_for_enabling_TLS_v1.2.patch b/mod_nss-add_support_for_enabling_TLS_v1.2.patch new file mode 100644 index 0000000..8393563 --- /dev/null +++ b/mod_nss-add_support_for_enabling_TLS_v1.2.patch @@ -0,0 +1,61 @@ +From 78c17097186a8cacfb237af67fdd87599a727e88 Mon Sep 17 00:00:00 2001 +From: Rob Crittenden +Date: Thu, 16 Oct 2014 14:05:05 -0400 +Subject: [PATCH] Add support for enabling TLS v1.2 + +If support is available in NSS then it is just a matter of including +TLS 1.2 in the protocol range. +--- + docs/mod_nss.html | 97 ++++++++++++++++++++++++++++--------------------------- + mod_nss.c | 4 +-- + nss.conf.in | 2 +- + nss_engine_init.c | 51 +++++++++++++++++------------ + nss_engine_vars.c | 3 ++ + 5 files changed, 86 insertions(+), 71 deletions(-) + +Index: mod_nss-1.0.8/nss.conf.in +=================================================================== +--- mod_nss-1.0.8.orig/nss.conf.in ++++ mod_nss-1.0.8/nss.conf.in +@@ -98,7 +98,7 @@ NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4 + # ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography + #NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha + +-NSSProtocol SSLv3,TLSv1 ++NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2 + + # SSL Certificate Nickname: + # The nickname of the RSA server certificate you are going to use. +Index: mod_nss-1.0.8/nss_engine_vars.c +=================================================================== +--- mod_nss-1.0.8.orig/nss_engine_vars.c ++++ mod_nss-1.0.8/nss_engine_vars.c +@@ -747,6 +747,9 @@ static char *nss_var_lookup_protocol_ver + case SSL_LIBRARY_VERSION_TLS_1_1: + result = "TLSv1.1"; + break; ++ case SSL_LIBRARY_VERSION_TLS_1_2: ++ result = "TLSv1.2"; ++ break; + } + } + } +Index: mod_nss-1.0.8/nss_engine_init.c +=================================================================== +--- mod_nss-1.0.8.orig/nss_engine_init.c ++++ mod_nss-1.0.8/nss_engine_init.c +@@ -758,12 +758,12 @@ static void nss_init_ctx_protocol(server + * cannot be excluded from this range. NSS will automatically negotiate + * to utilize the strongest acceptable protocol for a connection starting + * with the maximum specified protocol and downgrading as necessary to the +- * minimum specified protocol (TLS 1.1 -> TLS 1.0 -> SSL 3.0). ++ * minimum specified protocol (TLS 1.2 -> TLS 1.1 -> TLS 1.0 -> SSL 3.0). + */ + if (stat == SECSuccess) { + /* Set minimum protocol version (lowest -> highest) + * +- * SSL 3.0 -> TLS 1.0 -> TLS 1.1 ++ * SSL 3.0 -> TLS 1.0 -> TLS 1.1 -> TLS 1.2 + */ + if (ssl3 == 1) { + enabledVersions.min = SSL_LIBRARY_VERSION_3_0;