I've been trying to tidy the security on my FreeIPA and this is causing me some 
problems. I'm using OpenVAS vulnerability scanner and it is coming up with this 

EXPORT_RSA cipher suites supported by the remote server:
TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003)

It seems we have to disable export  TLS ciphers but I can't see how. I've 
edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0.

I've got

NSSCipherSuite -all,-exp,+<the ones I want>

I've restarted httpd and ipa but it still fails

Is there something I have overlooked

Thanks, Terry

The Manheim group of companies within the UK comprises: Manheim Europe Limited 
(registered number: 03183918), Manheim Auctions Limited (registered number: 
00448761), Manheim Retail Services Limited (registered number: 02838588), 
Motors.co.uk Limited (registered number: 05975777), Real Time Communications 
Limited (registered number: 04277845) and Complete Automotive Solutions Limited 
(registered number: 05302535). Each of these companies is registered in England 
and Wales with the registered office address of Central House, Leeds Road, 
Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various 
brand/trading names including Manheim Inspection Services, Manheim Auctions, 
Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to