On 09/23/2015 11:00 AM, Michael Lasevich wrote:
> OK, this is most bizarre issue,
> 
> I am trying to disable RC4 based TLS Cipher Suites in LDAPs(port 636) and
> for the life of me cannot get it to work
> 
> I have followed many nearly identical instructions to create ldif file and
> change "nsSSL3Ciphers" in "cn=encryption,cn=config". Seems simple enough -
> and I get it to take, and during the startup I can see the right SSL Cipher
> Suites listed in errors.log - but when it starts and I probe it, RC4
> ciphers are still there. I am completely confused.
> 
> I tried setting "nsSSL3Ciphers" to "default" (which does not have "RC4")
> and to old style cyphers lists(lowercase), and new style cypher
> lists(uppercase), and nothing seems to make any difference.
> 
> Any ideas?
> 
> -M

Are you asking about standalone 389-DS or the one integrated in FreeIPA? As
with currently supported versions of FreeIPA, RC4 ciphers should be already
gone, AFAIK.

In RHEL/CentOS world, it should be fixed in 6.7/7.1 or later:

https://bugzilla.redhat.com/show_bug.cgi?id=1154687
https://fedorahosted.org/freeipa/ticket/4653

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to