← Back to branch summary

~ubuntu-branches/debian/sid/389-ds-console/sid

« back to all changes in this revision

Viewing changes to src/com/netscape/admin/dirserv/panel/EncryptionPanel.java

  • Committer: Package Import Robot
  • Author(s): Timo Aaltonen
  • Date: 2015-07-03 08:40:56 UTC
  • mfrom: (1.1.2)
  • Revision ID: package-import@ubuntu.com-20150703084056-fx7a4pnufzhjyz2a
Tags: 1.2.12-1
http://bugs.debian.org/789990
* New upstream release. (Closes: #789990)
* watch: Update the url.
* control: Bump standards to 3.9.6, no changes.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
251
251
                        else if (_rbRequired.isSelected()) {
252
252
                                _configData.clientAuth = _configData.CLIENT_AUTH_REQUIRED;
253
253
                        }
254
 
                        _configData.sslConsoleOn = _cbConsoleSSL.isSelected();
 
254
                        _configData.sslConsoleOn = _configData.sslServerOn && _cbConsoleSSL.isSelected();
255
255
                        _configData.sslCheckHostName = _cbSSLCheckHostName.isSelected();
256
256
 
257
257
                        // Write the config data to the directories
415
415
                Frame f = getModel().getFrame();
416
416
                CipherPreferenceDialog dlg;
417
417
 
418
 
                Debug.println(4, 
419
 
                        "EncryptionPanel.showCipherPreferenceDialog: cipher = " + cipher);
 
418
                Debug.println(4, "EncryptionPanel.showCipherPreferenceDialog: cipher = " + cipher);
 
419
                Debug.println(4, "EncryptionPanel.showCipherPreferenceDialog: TLS_OFF = " + _configData.CIPHER_TLS_OFF);
420
420
                dlg = new CipherPreferenceDialog(f, null, _configData.CIPHER_SSL3_OFF, _configData.CIPHER_TLS_OFF);
421
421
                dlg.setCipherEnabled(dlg.SSL_V3, _configData.cipherPrefs);
422
422
                dlg.setCipherEnabled(dlg.SSL_TLS, _configData.cipherPrefs);
447
447
                Debug.println(4, 
448
448
                        "EncryptionPanel.securityEnabledChanged: enable = " + enable);
449
449
                _configData.sslServerOn = enable;
 
450
                _configData.sslConsoleOn = enable;
 
451
 
450
452
                // We must enable/disable the components accordingly.
451
453
                updateComponentState();
452
454
                setDirty(true);
772
774
                                                                                  "-fortezza_null";
773
775
 
774
776
        // Cipher list to build the TLS tab in the cipher dialog
775
 
        static final String CIPHER_TLS_OFF =  "-tls_rsa_export1024_with_rc4_56_sha," +
 
777
        static final String CIPHER_TLS_OFF =  "+all," +
 
778
                                              "-tls_rsa_export1024_with_rc4_56_sha," +
776
779
                                              "-tls_rsa_export1024_with_des_cbc_sha," +
777
780
                                              "-tls_rsa_aes_128_sha," +
778
 
                                              "-tls_rsa_aes_256_sha";
779
 
                                                                                  
 
781
                                              "-tls_rsa_aes_256_sha," +
 
782
                                              "-TLS_RSA_WITH_AES_128_GCM_SHA256";
 
783
 
780
784
        // Reads the directory and initializes this instance
781
785
        public void readFromDirectory(LDAPConnection ldc, LDAPConnection sieldc, String sieDn)
782
786
        throws LDAPException {
896
900
                                attrs.add(new LDAPAttribute("nsssltoken", setup.selectedDevice));
897
901
                        if (setup.selectedCertificate.length() >= 1) {                        
898
902
 
899
 
                                // Strip off the "<token>:" prefix for certs on extrnal tokens
 
903
                                // Strip off the "<token>:" prefix for certs on external tokens
900
904
                                String cert = setup.selectedCertificate;
901
905
                                String tokenPrefix = setup.selectedDevice + ":";
902
906
                                if (cert.startsWith(tokenPrefix)) {
919
923
                //              cn=encryption,cn=config
920
924
                LDAPModificationSet modSet = new LDAPModificationSet();
921
925
                String v = sslServerOn ? "on" : "off";
922
 
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("nsssl3", v));
 
926
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("nsTLS1", v));
923
927
                switch(clientAuth) {
924
928
                        case CLIENT_AUTH_ALLOWED:
925
929
                                v = "allowed";