On 04/27/2016 07:27 AM, Sean Hogan wrote: > Hello, > > We currently have 7 ipa servers in multi master running: > > ipa-server-3.0.0-47.el6_7.1.x86_64 > 389-ds-base-126.96.36.199-68.el6_7.x86_64 > > Tenable is showing the use of weak ciphers along with freak vulnerabilities. > I > have followed > https://access.redhat.com/solutions/675183 however issues remain in the > ciphers > being used.
Can you show the full report, so that we can see what's wrong? What I am looking for also is if the problem is LDAPS port or HTTPS port, so that we are not fixing wrong service. DS ciphers were hardened in RHEL-6.x and RHEL-7.x already as part of this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1154687 Further hardening comes with FreeIPA 4.3.1+: https://fedorahosted.org/freeipa/ticket/5684 https://fedorahosted.org/freeipa/ticket/5589 (it should appear in RHEL-7.3+) Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project