On 09/23/2015 11:00 AM, Michael Lasevich wrote:
> OK, this is most bizarre issue,
> I am trying to disable RC4 based TLS Cipher Suites in LDAPs(port 636) and
> for the life of me cannot get it to work
> I have followed many nearly identical instructions to create ldif file and
> change "nsSSL3Ciphers" in "cn=encryption,cn=config". Seems simple enough -
> and I get it to take, and during the startup I can see the right SSL Cipher
> Suites listed in errors.log - but when it starts and I probe it, RC4
> ciphers are still there. I am completely confused.
> I tried setting "nsSSL3Ciphers" to "default" (which does not have "RC4")
> and to old style cyphers lists(lowercase), and new style cypher
> lists(uppercase), and nothing seems to make any difference.
> Any ideas?
Are you asking about standalone 389-DS or the one integrated in FreeIPA? As
with currently supported versions of FreeIPA, RC4 ciphers should be already
In RHEL/CentOS world, it should be fixed in 6.7/7.1 or later:
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project