Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
Managed to get PKI/Tomcat patched for TLS 1.2.

/etc/pki/pki-tomcat/server.xml
...
sslVersionRangeStream="tls1_2:tls1_2"
sslVersionRangeDatagram="tls1_2:tls1_2"
...

Thanks, resolved. On Thu, Apr 27, 2017 at 10:01 PM Callum Guy wrote: > For others reference
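A way to verify the end state described above (TLS 1.0 and 1.1 refused, TLS 1.2 accepted on the PKI 8443 and LDAPS 636 listeners) is to attempt a handshake pinned to each protocol version in turn, which is what an assessor does with `openssl s_client -tls1 -connect host:8443`. The Go program below is an added example, not code from this thread or from FreeIPA: ProbeVersion does that pinned-version handshake and distinguishes "version refused" from "port unreachable", and StartTestServer stands in for pki-tomcat/slapd with an in-memory self-signed certificate so the check can be exercised offline. The hostname ipa.example.test, the loopback addresses and the certificate are constructed for the example; against a real server you would pass host:8443 and host:636 to Audit instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// VersionNames labels the protocol versions the probe tries.
var VersionNames = map[uint16]string{
	tls.VersionTLS10: "TLS1.0",
	tls.VersionTLS11: "TLS1.1",
	tls.VersionTLS12: "TLS1.2",
	tls.VersionTLS13: "TLS1.3",
}

// ProbeVersion connects to addr and attempts a handshake pinned to exactly one
// protocol version (MinVersion == MaxVersion). It returns true when the server
// completes the handshake at that version and false when the server refuses it,
// which is what a tls1_2-only listener must do for TLS 1.0 and 1.1. Transport
// failures (connection refused, timeout) are returned as err so that a closed
// port is never mistaken for a disabled protocol version.
func ProbeVersion(addr string, version uint16) (bool, error) {
	raw, err := net.DialTimeout("tcp", addr, 5*time.Second)
	if err != nil {
		return false, err
	}
	defer raw.Close()
	_ = raw.SetDeadline(time.Now().Add(5 * time.Second))
	cfg := &tls.Config{
		MinVersion:         version,
		MaxVersion:         version,
		InsecureSkipVerify: true, // we are checking protocol support, not trust
	}
	conn := tls.Client(raw, cfg)
	if err := conn.Handshake(); err != nil {
		return false, nil // protocol_version alert or dropped connection: refused
	}
	return conn.ConnectionState().Version == version, nil
}

// Audit probes every version in VersionNames and reports which ones addr accepts.
func Audit(addr string) (map[uint16]bool, error) {
	accepted := make(map[uint16]bool)
	for v := range VersionNames {
		ok, err := ProbeVersion(addr, v)
		if err != nil {
			return nil, err
		}
		accepted[v] = ok
	}
	return accepted, nil
}

// Compliant is the PCI condition from the thread: neither TLS 1.0 nor 1.1 accepted.
func Compliant(accepted map[uint16]bool) bool {
	return !accepted[tls.VersionTLS10] && !accepted[tls.VersionTLS11]
}

// StartTestServer stands in for the pki-tomcat or slapd listener: a loopback TLS
// server with a throwaway self-signed ECDSA certificate generated in memory
// (constructed for this example, not a FreeIPA certificate). minVersion plays
// the role of the lower bound of sslVersionRangeStream. It returns the address
// to probe and a function that stops the listener.
func StartTestServer(minVersion uint16) (string, func(), error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	tmpl := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "ipa.example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &key.PublicKey, key)
	if err != nil {
		return "", nil, err
	}
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   minVersion,
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go func(c net.Conn) {
				defer c.Close()
				if tc, ok := c.(*tls.Conn); ok {
					_ = tc.Handshake() // drive the handshake; its outcome is the probe's result
				}
			}(c)
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

func main() {
	// Contrast a listener that still allows TLS 1.0 with one pinned to tls1_2.
	for _, lower := range []uint16{tls.VersionTLS10, tls.VersionTLS12} {
		addr, stop, err := StartTestServer(lower)
		if err != nil {
			panic(err)
		}
		accepted, err := Audit(addr)
		stop()
		if err != nil {
			panic(err)
		}
		fmt.Printf("server min %s:", VersionNames[lower])
		for v, name := range VersionNames {
			fmt.Printf(" %s=%v", name, accepted[v])
		}
		fmt.Println(" compliant:", Compliant(accepted))
	}
}
```

The probe pins both MinVersion and MaxVersion so a server cannot negotiate upward; a plain `openssl s_client -connect` with no version flag would happily settle on TLS 1.2 and tell you nothing about whether TLS 1.0 is still enabled. Treating a handshake failure as "refused" rather than as an error is deliberate, but it also means a listener that drops connections for unrelated reasons (a client-certificate requirement, an exhausted accept queue) would look compliant, so confirm at least one version succeeds before trusting the negative results.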

Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
For others' reference, this is regarding CentOS 7.2 with FreeIPA 4.4.0. Directory server changes suggested on the link are for an older version. Minimum TLS support can be altered as follows:

/etc/dirsrv/slapd-DOMAIN.COM/dse.ldif
dn: cn=encryption,cn=config
allowWeakCipher: off
cn: encryption

Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
Thanks so much for the link, Rob - I'm on 4.4.0. I'll get back in touch if I run into any issues - I find it difficult to locate these help pages, so I really do appreciate the advice. On Thu, Apr 27, 2017 at 8:16 PM Rob Crittenden wrote: > Callum Guy wrote: > > Hi All, > > > >

Re: [Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Rob Crittenden
Callum Guy wrote: > Hi All, > > I'm currently looking at hardening my FreeIPA server as part of a PCI > assessment. > > I am hoping to be able to fix PKI (ports 8443) and SLAPD (LDAPS) to use > only TLS1.2 - both currently support TLS1.0 and unfortunately that is > non-compliant for my

[Freeipa-users] TLS 1.2 for PKI+SLAPD

2017-04-27 Thread Callum Guy
Hi All, I'm currently looking at hardening my FreeIPA server as part of a PCI assessment. I am hoping to be able to fix PKI (ports 8443) and SLAPD (LDAPS) to use only TLS1.2 - both currently support TLS1.0 and unfortunately that is non-compliant for my environment. Also I'm very much hoping not