def test_init(topology_st):
"""
Generate self signed cert and import it to the DS cert db.
Enable SSL
"""
_header(topology_st, 'Testing Ticket 48194 - harden the list of ciphers available by default')
nss_ssl = NssSsl(dbpath=topology_st.standalone.get_cert_dir())
nss_ssl.reinit()
nss_ssl.create_rsa_ca()
nss_ssl.create_rsa_key_and_cert()
log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', b'off'),
(ldap.MOD_REPLACE, 'nsTLS1', b'on'),
(ldap.MOD_REPLACE, 'nsSSLClientAuth', b'allowed'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on'),
(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all')])
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-security', b'on'),
(ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', b'off'),
(ldap.MOD_REPLACE, 'nsslapd-secureport', ensure_bytes(LDAPSPORT))])
if ds_is_older('1.4.0'):
topology_st.standalone.add_s(Entry((RSA_DN, {'objectclass': "top nsEncryptionModule".split(),
'cn': RSA,
'nsSSLPersonalitySSL': SERVERCERT,
'nsSSLToken': 'internal (software)',
'nsSSLActivation': 'on'})))
def enable_ssl(server, ldapsport):
server.stop()
nss_ssl = NssSsl(dbpath=server.get_cert_dir())
nss_ssl.reinit()
nss_ssl.create_rsa_ca()
nss_ssl.create_rsa_key_and_cert()
server.start()
server.config.set('nsslapd-secureport', '%s' % ldapsport)
server.config.set('nsslapd-security', 'on')
server.sslport = SECUREPORT_STANDALONE1
server.restart()
