Hi,
We're also seeing that the free-ipa web-portal is using TLS 1.2 by default,
which is being flagged as insecure / obsolete. This also seems to be
causing some clients (some instances of Chrome) to fail logins:
[Fri Jan 29 18:34:26.638350 2016] [:error] [pid 6603] SSL Library Error:
-12286 No
Jeff Hallyburton wrote:
> Hi,
>
> We're also seeing that the free-ipa web-portal is using TLS 1.2 by
> default, which is being flagged as insecure / obsolete. This also seems
> to be causing some clients (some instances of Chrome) to fail logins:
>
> [Fri Jan 29 18:34:26.638350 2016] [:error]
Rob,
Chrome is flagging this, and given the error (I've attached a copy) its
probably due to the cipher suite (possibly specifically that it uses
SHA1). This article has more details and is consistent with what we're
seeing: