Callum Guy wrote:
> Hi All,
> 
> I'm currently looking at hardening my FreeIPA server as part of a PCI
> assessment.
> 
> I am hoping to be able to fix PKI (ports 8443) and SLAPD (LDAPS) to use
> only TLS1.2 - both currently support TLS1.0 and unfortunately that is
> non-compliant for my environment.
> 
> Also i'm very much hoping not to break my installation!
> 
> Does anyone have experience in this area?

It depends very much on what version you are running but see
https://access.redhat.com/articles/2801181 for inspiration.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to