Description: Improve SSL/TLS support (patch backported from 6.2 branch)
  - Fix LDAP support to use tlsv1 instead of tls
  - Globally support TLSv1.1 and TLSv1.2
Origin: https://sourcesup.renater.fr/scm/viewvc.php?view=rev&root=sympa&revision=11980
Bug-Debian: https://bugs.debian.org/783595
Forwarded: not-needed
Last-Update: 2015-07-31
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/lib/List.pm
+++ b/src/lib/List.pm
@@ -877,7 +877,8 @@
 									    'gettext_id' => 'use SSL (LDAPS)',
 									    'order' => 2.5,
 									},
-							      'ssl_version' => {'format' => ['sslv2','sslv3','tls'],
+							      'ssl_version' => {'format' => ['sslv2','sslv3','tlsv1','tlsv1_1','tlsv1_2'],
+										'synonym' => {'tls' => 'tlsv1'},
 										'default' => 'sslv3',
 										'gettext_id' => 'SSL version',
 										'order' => 2.5,
@@ -1001,8 +1002,9 @@
 									    'gettext_id' => 'use SSL (LDAPS)',
 									    'order' => 2.5,
 									},
-							      'ssl_version' => {'format' => ['sslv2','sslv3','tls'],
-										'default' => '',
+							      'ssl_version' => {'format' => ['sslv2','sslv3','tlsv1','tlsv1_1','tlsv1_2'],
+										'synonym' => {'tls' => 'tlsv1'},
+										'default' => 'sslv3',
 										'gettext_id' => 'SSL version',
 										'order' => 2.5,
 									    },
@@ -1577,9 +1579,11 @@
     'no'  => {'gettext_id' => 'no'},
 
     # include_ldap_2level_query.ssl_version, include_ldap_query.ssl_version
-    'sslv2' => {'gettext_id' => 'SSL version 2'},
-    'sslv3' => {'gettext_id' => 'SSL version 3'},
-    'tls'   => {'gettext_id' => 'TLS'},
+    'sslv2'   => {'gettext_id' => 'SSL version 2'},
+    'sslv3'   => {'gettext_id' => 'SSL version 3'},
+    'tlsv1'   => {'gettext_id' => 'TLS version 1'},
+    'tlsv1_1' => {'gettext_id' => 'TLS version 1.1'},
+    'tlsv1_2' => {'gettext_id' => 'TLS version 1.2'},
 
     # editor.reception, owner_include.reception, owner.reception,
     # editor_include.reception
--- a/src/lib/Conf.pm
+++ b/src/lib/Conf.pm
@@ -1141,7 +1141,7 @@
 				     'scope' => 'base|one|sub',
 				     'authentication_info_url' => 'http(s)?:/.*',
 				     'use_ssl' => '1',
-				     'ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1',
+				     'ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1|tlsv1_1|tlsv1_2',
 				     'ssl_ciphers' => '[\w:]+' },
 			  
 			  'user_table' => {'regexp' => '.*',
@@ -1165,7 +1165,7 @@
 				    'ldap_get_email_by_uid_filter' => '.+',
 				    'ldap_email_attribute' => '\w+',
 				    'ldap_use_ssl' => '1',
-				    'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1',
+				    'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1|tlsv1_1|tlsv1_2',
 				    'ldap_ssl_ciphers' => '[\w:]+'
 				    },
 			  'generic_sso' => {'service_name' => '.+',
@@ -1184,7 +1184,7 @@
 					    'ldap_get_email_by_uid_filter' => '.+',
 					    'ldap_email_attribute' => '\w+',
 					    'ldap_use_ssl' => '1',
-					    'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1',
+					    'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1|tlsv1_1|tlsv1_2',
 					    'ldap_ssl_ciphers' => '[\w:]+',
 					    'force_email_verify' => '1',
 					    'internal_email_by_netid' => '1',
