>>> Peter Boguszewski <[email protected]> wrote on 22.10.2014 at 23:08 in message <[email protected]>:
> I am running into issues on RHEL 6.x servers (mix of 6.5 and now 6.6)
> when attempting to disable SSLv3. I have compiled the servers with the
> --with-tls=openssl option and communication appears to be working well
> between servers no matter what I have for SSL Protocol. My problems are
> with the clients.
>
> For client configuration I install the openldap-clients package via yum
> install. Everything works as expected with this setting on the server side:
>
> olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2
>
> as soon as I modify the +SSLv3 to -SSLv3 to this:
>
> olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2
>
> the client no longer works. I have tried just about everything I can

Some (older) openssl versions have this feature:

List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS)

So you may disable TLS when trying to disable SSLv3, I guess.

Regards,
Ulrich
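
One way to see what the two cipher strings quoted in this thread select on a given OpenSSL build (an added example, not part of the original messages): it expands both strings through Python's `ssl` module and lists the suites that disappear when `+SSLv3` becomes `-SSLv3`. The function names `expand` and `dropped_by_removing_sslv3` are this example's own, and the output depends on the OpenSSL version Python is linked against. The labels name the protocol version that introduced each suite, and TLS 1.0 and 1.1 negotiate the SSLv3-labelled suites as well.

```python
import ssl

# The two olcTLSCipherSuite values quoted in the thread.
WITH_SSLV3 = "HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2"
WITHOUT_SSLV3 = "HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2"


def expand(cipher_string):
    """Map suite name -> protocol label, as this OpenSSL build expands the string.

    TLSv1.3 suites are left out: OpenSSL configures them separately, so the
    cipher string does not affect them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}


def dropped_by_removing_sslv3():
    """Suites selected by the +SSLv3 string but not by the -SSLv3 string."""
    before, after = expand(WITH_SSLV3), expand(WITHOUT_SSLV3)
    return {name: label for name, label in before.items() if name not in after}


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for name, label in sorted(expand(WITHOUT_SSLV3).items()):
        print("kept   ", label, name)
    for name, label in sorted(dropped_by_removing_sslv3().items()):
        print("dropped", label, name)
```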
