On 09/22/2014 10:07 PM, Nathan Kinder wrote:
> 
> 
> On 09/22/2014 05:03 AM, Murty, Ajeet (US - Arlington) wrote:
>> Security scan of FreeIPA server ports uncovered weak, medium and null
>> ciphers on port 389 and 636. We are running ‘ipa-server-3.0.0-37.el6.i686’.
>>
>> How can I disable/remove these ciphers in my existing setup?
> 
> This has recently been worked on in this 389-ds-base ticket:
> 
>   https://fedorahosted.org/389/ticket/47838
> 
> As mentioned in the initial description of that ticket, you can
> configure the allowed ciphers in the "cn=config" entry in 389-ds-base.
> You can edit this over LDAP, or by stopping 389-ds-base and editing
> /etc/dirsrv/slapd-<REALM>/dse.ldif.
> 
> Thanks,
> -NGK

You can also check the FreeIPA counterpart:

https://fedorahosted.org/freeipa/ticket/4395

This issue is fixed in FreeIPA 4.0.3 (available in Copr build and Fedora 21+),
we would very much welcome if you can verify that this setup works for you!

Thanks,
Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to