Project

General

Profile

Feature #71939

Add port numbers to entries in Directory Services -> Encryption Mode drop-down menu

Added by Aaron St. John almost 3 years ago. Updated over 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
Aaron St. John
Category:
GUI (new)
Target version:
Estimated time:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

In the drop-down for directoryservice > Encryption mode the current options are off,SSL, TLS.
After ticket#58083, it may be of help to change the options slightly to explain more about the protocols used.

The suggested change to the drop-down options is

Off
SSL (LDAPS, port 636)
TLS (LDAP, port 389)

Also, need to take a look at the tool tip to see if it can be elaborated (wiki link?).


Related issues

Related to FreeNAS - Bug #58083: Clarify TLS and SSL descriptions in GuideDone
Related to FreeNAS - Bug #74056: Update labels and help text for Security field in System -> Email of new UIDone

History

#1 Updated by Aaron St. John almost 3 years ago

  • Related to Bug #58083: Clarify TLS and SSL descriptions in Guide added

#2 Updated by Dru Lavigne almost 3 years ago

  • Target version changed from Backlog to 11.2-U3

#3 Updated by Anonymous almost 3 years ago

These values are stored in gui/choices.py on the middleware side:

LDAP_SSL_CHOICES = (
    ('off', _('Off')),
    ('on', _('SSL')),
    ('start_tls', _('TLS')),
)

The second option is the label which is where we would want to put these descriptions, this is a legacy django file so we may want to check to see what the future of it is.

#5 Updated by Aaron St. John almost 3 years ago

  • Status changed from Unscreened to In Progress

#6 Updated by Sean McBride almost 3 years ago

Instead of:

Off
SSL (LDAPS, port 636)
TLS (LDAP, port 389)

I'd argue that:
- we should purge "SSL" since it implies the old insecure SSLv3. That's how I came to file these bugs in the first place: I was worried there was still SSLv3 support lingering in FreeNAS.
- we should use the term "StartTLS" as per https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#StartTLS

So, concretely, I suggest:

Off
LDAPS (port 636)
StartTLS (port 389)

#7 Updated by Dru Lavigne almost 3 years ago

  • Related to Bug #74056: Update labels and help text for Security field in System -> Email of new UI added

#9 Updated by Aaron St. John almost 3 years ago

  • Needs Doc changed from Yes to No

#10 Updated by Bug Clerk almost 3 years ago

  • Status changed from In Progress to Ready for Testing

#11 Updated by Dru Lavigne almost 3 years ago

  • Subject changed from Change "Directory Services > Encryption Mode" options to explain more about protocols used. to Add port numbers to entries in Directory Services -> Encryption Mode drop-down menu
  • Needs Doc changed from No to Yes
  • Needs Merging changed from Yes to No

#16 Avatar?id=55038&size=24x24 Updated by Zackary Welch over 2 years ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Confirmed fixed in U3.

#19 Updated by Dru Lavigne over 2 years ago

  • Status changed from Passed Testing to Done
  • Needs Doc changed from Yes to No

Also available in: Atom PDF