On 29 Mar 2016, at 14:29, Adam Bishop <adam.bis...@jisc.ac.uk> wrote:
> I could use a bit of help resolving this - full client debug follows. Both 
> systems are running nss 3.19.1 which *should* support TLS1.2., so I'm unsure 
> where to start fixing this.

Turns out to be a little easier to solve than I thought; the CentOS 6 client 
was running an older version of NSS than I thought it was.

ipa-client-3.0.0-47.el6.centos.1.x86_64 defaults to requiring tls1.2 , but does 
not depend on a version of NSS that actually supports tls1.2.

Manually installing an updated version of NSS has resolved the problem. 

Regards,

Adam Bishop

 gpg: 0x6609D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by 
guarantee which is registered in England under Company No. 5747339, VAT No. GB 
197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, 
BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited 
by guarantee which is registered in England under company number 2881024, VAT 
number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, 
Bristol BS2 0JA. T 0203 697 5800.  


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to