Callum Guy wrote: > Hi All, > > I'm currently looking at hardening my FreeIPA server as part of a PCI > assessment. > > I am hoping to be able to fix PKI (ports 8443) and SLAPD (LDAPS) to use > only TLS1.2 - both currently support TLS1.0 and unfortunately that is > non-compliant for my environment. > > Also i'm very much hoping not to break my installation! > > Does anyone have experience in this area?
It depends very much on what version you are running but see https://access.redhat.com/articles/2801181 for inspiration. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
