On 09/22/2014 10:07 PM, Nathan Kinder wrote:
>
>
> On 09/22/2014 05:03 AM, Murty, Ajeet (US - Arlington) wrote:
>> Security scan of FreeIPA server ports uncovered weak, medium and null
>> ciphers on port 389 and 636. We are running ‘ipa-server-3.0.0-37.el6.i686’.
>>
>> How can I disable/remove these ciphers in my existing setup?
>
> This has recently been worked on in this 389-ds-base ticket:
>
> https://fedorahosted.org/389/ticket/47838
>
> As mentioned in the initial description of that ticket, you can
> configure the allowed ciphers in the "cn=config" entry in 389-ds-base.
> You can edit this over LDAP, or by stopping 389-ds-base and editing
> /etc/dirsrv/slapd-<REALM>/dse.ldif.
>
> Thanks,
> -NGK

You can also check the FreeIPA counterpart:

https://fedorahosted.org/freeipa/ticket/4395

This issue is fixed in FreeIPA 4.0.3 (available in Copr build and Fedora 21+). We would very much welcome it if you can verify that this setup works for you!

Thanks,
Martin
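
An added example, not part of either message or of the 389-ds-base project: a check of which ciphers a dse.ldif leaves enabled, for the manual edit described in the quoted reply. It assumes the list lives in the `nsSSL3Ciphers` attribute of `cn=encryption,cn=config` (the thread only says "cn=config"); the sample LDIF and the weak-name pattern are constructed for illustration.

```python
import re

# Constructed sample of a dse.ldif fragment (not taken from the thread).
# The second nsSSL3Ciphers line is an LDIF continuation (leading space).
SAMPLE_DSE = """\
dn: cn=config
nsslapd-security: on

dn: cn=encryption,cn=config
objectClass: top
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_des_sha,
 +rsa_3des_sha,+fortezza_null,+tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha
"""

# Name fragments treated as weak here: an assumption of this example.
# 3DES is not flagged; add it if your scan policy rates it as too weak.
WEAK = re.compile(r"null|export|rc2|rc4|md5|(?<!3)des")


def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)


def enabled_ciphers(ldif, dn="cn=encryption,cn=config"):
    """Return the ciphers prefixed with '+' in nsSSL3Ciphers of the given entry."""
    for entry in re.split(r"\n\s*\n", unfold(ldif)):
        lines = entry.strip().splitlines()
        if not lines or lines[0].lower().replace(" ", "") != "dn:" + dn:
            continue
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "nsssl3ciphers":
                items = [c.strip() for c in value.split(",") if c.strip()]
                return [c[1:] for c in items if c.startswith("+")]
    return []


def weak_enabled(ldif):
    """Enabled ciphers whose name marks them as null, export-grade or legacy."""
    return [c for c in enabled_ciphers(ldif) if WEAK.search(c.lower())]


if __name__ == "__main__":
    for cipher in weak_enabled(SAMPLE_DSE):
        print("weak cipher enabled:", cipher)
```

Run it against a copy of the real dse.ldif before and after the change; an empty result means no enabled cipher matches the pattern.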
