Re: Disabling SSLv3 Issues
I'm not sure how this is handled by Apache Directory, but usually there are 2 different settings you mustn't confuse: CipherSuite selects the available /ciphers/; there are a lot of "SSL3" ciphers that are still okay to use. If you disable all of them, it's quite possible that clients can't connect anymore. Try "openssl ciphers -v SSLv3" to get a list. There should also be another setting to control the minimum protocol level ("olcTLSProtocolMin" for OpenLDAP, "SSLProtocol" for Apache httpd). This allows you to disable e.g. SSLv3 and below, it is the one you need to change! hth, cheers, -- Infineon Technologies IT-Services GmbH martin.schust...@infineon.com Lakeside B05, 9020 Klagenfurt, Austria Martin Schuster FB: LG Klagenfurt, FN 246787y +43 5 1777 3517
Re: Disabling SSLv3 Issues
Hi, what version are you using ? What Java version are you using ? Do you have any log on the server ? Le 21/02/2017 à 21:54, Lemp, Dustin a écrit : > Hey all, > I have a question and hope that someone here can help me out. I'm trying to > disable sslv3 on my openldap server. I'm adding "olcTLSCipherSuite: > SECURE256:-VERS-SSL3.0" to my ssl config file. This fixes everything > security-wise, but now I can't connect via ApacheDS. I'm still trying to > connect via ldaps on port 636. Any ideas? > > Thanks! > ___ > Dustin Lemp > Systems Analyst > Jefferson College > 636-481-3477 > -- Emmanuel Lecharny Symas.com directory.apache.org
Disabling SSLv3 Issues
Hey all, I have a question and hope that someone here can help me out. I'm trying to disable sslv3 on my openldap server. I'm adding "olcTLSCipherSuite: SECURE256:-VERS-SSL3.0" to my ssl config file. This fixes everything security-wise, but now I can't connect via ApacheDS. I'm still trying to connect via ldaps on port 636. Any ideas? Thanks! ___ Dustin Lemp Systems Analyst Jefferson College 636-481-3477