On 08/19/15 13:46, Christina Fu
wrote:
this
patch is to address:
https://fedorahosted.org/pki/ticket/1566
non-CA subystem installations failing while trying to join
security domain
Please note that the two TLS_RSA ciphers have been left under
ecc for installation in place of the TLS_ECDHE_RSA ones.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
(1) in pkiparser.py for ECC, +TLS_RSA_WITH_AES_256_CBC_SHA256 and
+TLS_RSA_WITH_AES_128_GCM_SHA256 are turned on (this is for
installation)
(2) in ciphers.info, for ECC, you have
-TLS_RSA_WITH_AES_256_CBC_SHA256 and
-TLS_RSA_WITH_AES_128_GCM_SHA256 are turned off for
sslRangeCiphers=...
After conversation, it is understood that the signs should be
flipped in ciphers.info to match these changes in pkiparser.py.
Conditional ACK based upon correcting ciphers.info.
commit 89211b9915e9c3e034d311ac0fa7091e9e08bde8 Author: Christina Fu <cfu@…> Date: Wed Aug 19 13:52:53 2015 +0200
Ticket 1566 on HSM, non-CA subystem installations failing while trying to join security domain