File _patchinfo of Package patchinfo.15310
<patchinfo incident="15310">
<issue tracker="jsc" id="ECO-1907"/>
<issue tracker="bnc" id="1167322">L3-Question: Status of TLSv1.3 support on SLES12 SP5</issue>
<packager>vitezslav_cizek</packager>
<rating>moderate</rating>
<category>recommended</category>
<summary>Recommended update for apache2-mod_nss</summary>
<description>This update for apache2-mod_nss fixes the following issues:
- Update from version 1.0.14 to 1.0.17 (jsc#ECO-1907, bsc#1167322)
* Add TLSv1.3 support
* Update documentation for TLS 1.3
* Add TLS 1.3 support to the cipher tests
* PEP-8 fixups
* Change the default certificate database format to SQLite.
* Try to auto-detect the NSS database format if not specified
* Update nss_pcache.8 man page to drop directory and prefix
* When a token is configured in password file only authenticate once
* Return an error when NSSPassPhraseDialog is invalid
* Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+
* Add -Werror=implicit-function-declaration to CFLAGS
* Handle group membership when testing for file permissions
* NSS system-wide policy now disables SSLv3, don't use it in tests
* Add missing error messages for libssl errors
* Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name
* When including additional test config use specific extension
* Fix the TLS Session ID cache
* Make an invalid protocol setting fatal
* Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init()
* Add info log message when FIPS is enabled
* Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types
* Fix removal of CR from PEM certificates
* Add OCSP caching and timeout tuning knobs
* Check the NSS database directory permissions as well as the files inside it for read access on startup.
* Add in simple aliases for ciphers to fix those that don't follow the pattern
(dhe_rsa_aes_128_sha256, dhe_rsa_aes_256_sha256)
and those with typos (camelia_128_sha, camelia_256_sha)
* Don't set remote user in fixup hook
</description>
</patchinfo>
