On Wed, 27 Apr 2016, Sean Hogan wrote:


Hello Alexander


I knew the below which is why I added my DS rpm version in the orig email
which made sense to me but per 389 DS docs alloowweakcipher starts in
1.3.3.2 in case anyone else reads this.  At least thats what the docs say
but you may know something where it actually does not work til 1.3.4.0.  I
dunno
http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html


Additionally I want to clarify the comment 4.3.1 has this as default setup.
Are you suggesting that IPA 3.0.47 for rhel6 is incapable of getting a
stronger ssl config and that anyone who needs tighter cipher control needs
to upgrade to IPA 4.3.1 and there OS to RHEL(centos, scientific) 7
All I said is that we fixed this particular issue to make sure defaults
in 4.3.1 reflect current status quo on SSL ciphers.

If you want to have a similar setup with 3.0.47, you are welcome to
improve the configuration based on the effort we did for 4.3.1.

Notice that I said nothing about incapability of either deployment to
handle this, not sure where you were able to read that from.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to