>> Soo... Given we prefer to stay conservative and not change SSSD crypto
>
> I didn't say that!
I know, I'm not saying that you took a decision on that but I was
speaking in plural form as I recognize what you say in the sense that
indeed there may be cases which we don't think of that we could
On Wed, Dec 02, 2020 at 03:29:43AM -, Marco Trevisan (Treviño) wrote:
> Soo... Given we prefer to stay conservative and not change SSSD crypto
I didn't say that!
> backend fully (to be clear, I would have preferred it to follow
> upstream, not to provide a solution that will change in next LT
Soo... Given we prefer to stay conservative and not change SSSD crypto
backend fully (to be clear, I would have preferred it to follow
upstream, not to provide a solution that will change in next LTS no
matter what, and avoid having "frankensteins", but wasn't a strong
requirement for me) I've been
** Summary changed:
- Recompile SSSD in 20.04 using OpenSSL (instead of NSS) support
+ Recompile SSSD in 20.04 using OpenSSL (instead of NSS) support for p11_child
** Description changed:
[ Impact ]
SSSD supports in 20.04 two security backends: NSS and OpenSSL
(speaking in past tense as
On Tue, Dec 01, 2020 at 03:22:33PM -, Marco Trevisan (Treviño) wrote:
> > What if, for example, someone has an LDAP server that only supports
> > older TLS, and switching to OpenSSL causes their sssd LDAP TLS client to
> > require newer TLS because of our stronger defaults? What I describe
> >
> What if, for example, someone has an LDAP server that only supports
> older TLS, and switching to OpenSSL causes their sssd LDAP TLS client to
> require newer TLS because of our stronger defaults? What I describe
> would result in a regression for that user until they reconfigure
> things. Is thi
** Description changed:
[ Impact ]
- SSSD supports in 20.04 two security backends: NSS and OpenSSL.
- (speaking in past tense as upstream dropped NSS support completely)
+ SSSD supports in 20.04 two security backends: NSS and OpenSSL
+ (speaking in past tense as upstream dropped NSS support c
** Tags added: rls-ff-incoming
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1905790
Title:
Recompile SSSD in 20.04 using OpenSSL (instead of NSS) support
To manage notifications about this bug go
On Tue, Dec 01, 2020 at 03:33:45AM -, Marco Trevisan (Treviño) wrote:
> Probably not enough to compare, but from what I see in these matrices
> [4], there's basically nothing that NSS supports and OpenSSL doesn't
> (while it's true the other way around).
OK, but what about build configuration
> Are you sure about this? TLS has a wide variety of protocol options and
> the supported vs. "available" cryptosystem matrix is complex. Won't these
> all change if the underlying implementation changes?
Well, I focused mostly on the PKCS#11 changes, but for all its internal
crypto operatio
** Description changed:
[ Impact ]
- SSSD supports two security backends: NSS and OpenSSL.
+ SSSD supports in 20.04 two security backends: NSS and OpenSSL.
+ (speaking in past tense as upstream dropped NSS support completely)
Those two backends are used for various generic crypto feature
** Changed in: sssd (Ubuntu Focal)
Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)
> While the change may involve quite different code paths when it comes
> to security features, I think we trust OpenSSL enough to be an
> acceptable crypto backend. And behavior should not change.
Are you sure about this? TLS has a wide variety of protocol options and
the supported vs. "available" cr
** Tags added: server-next