On 29 Mar 2016, at 14:29, Adam Bishop <adam.bis...@jisc.ac.uk> wrote: > I could use a bit of help resolving this - full client debug follows. Both > systems are running nss 3.19.1 which *should* support TLS1.2., so I'm unsure > where to start fixing this.
Turns out to be a little easier to solve than I thought; the CentOS 6 client was running an older version of NSS than I thought it was. ipa-client-3.0.0-47.el6.centos.1.x86_64 defaults to requiring tls1.2 , but does not depend on a version of NSS that actually supports tls1.2. Manually installing an updated version of NSS has resolved the problem. Regards, Adam Bishop gpg: 0x6609D460 jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project