On 01/29/2016 08:52 PM, Jeff Hallyburton wrote:
> Rob,
>
> Chrome is flagging this, and given the error (I've attached a copy) it's
> probably due to the cipher suite (possibly specifically that it uses
> SHA1). This article has more details and is consistent with what we're
> seeing:
>
> http://security.stackexchange.com/questions/83831/google-chrome-your-connection-to-website-is-encrypted-with-obsolete-cryptograph
>
> We've also seen similar issues come up with other applications during
> penetration scans (e.g., Qualys) which is why I've noted it here.

Hello Jeff,

This is not because TLS 1.2 would have a problem, but rather because of
the FreeIPA default selection of Apache ciphers. This is something being
discussed and fixed in this thread:

http://www.redhat.com/archives/freeipa-devel/2016-January/msg00369.html

and this ticket:

https://fedorahosted.org/freeipa/ticket/5589

After our initial tests (you can see results in the ticket), FreeIPA
should no longer receive this warning and should score "A" in the SSLabs
test. This change is expected to be released in version 4.3.1, which is
now in development.

Martin
