Re: [Freeipa-users] FREAK Vulnerability

2016-01-28 Thread Terry John
:rcrit...@redhat.com] > Sent: 28 January 2016 04:49 > To: Marat Vyshegorodtsev; Terry John; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > Marat Vyshegorodtsev wrote: >> My two cents: >> >> My "magic" string for NSS is

Re: [Freeipa-users] FREAK Vulnerability

2016-01-28 Thread Prasun Gera
uts down so any changes you make > to it while 389-ds is running are lost. > > rob > > > > > Terry > > > > > > -Original Message- > > From: Rob Crittenden [mailto:rcrit...@redhat.com] > > Sent: 28 January 2016 04:49 > > To: Marat Vysheg

Re: [Freeipa-users] FREAK Vulnerability

2016-01-28 Thread Christian Heimes
On 2016-01-28 13:32, Terry John wrote: > I'm really confused now. After the problem where my feeipa server would not > start and I had to use the backup I'm trying to do things in small steps. > > Listening to everything that has been said (thanks) I edited > slapd-/dse.ldif

Re: [Freeipa-users] FREAK Vulnerability

2016-01-28 Thread Terry John
[mailto:rcrit...@redhat.com] Sent: 28 January 2016 04:49 To: Marat Vyshegorodtsev; Terry John; freeipa-users@redhat.com Subject: Re: [Freeipa-users] FREAK Vulnerability Marat Vyshegorodtsev wrote: > My two cents: > > My "magic" string for NSS is like this (I had to move to Fedor

Re: [Freeipa-users] FREAK Vulnerability

2016-01-28 Thread Rob Crittenden
2016 14:35 > To: Terry John; Marat Vyshegorodtsev; freeipa-users@redhat.com > <mailto:freeipa-users@redhat.com> > Subject: Re: [Freeipa-users] FREAK Vulnerability > > Terry John wrote: > > I'm really confused now. After the problem where my feeipa server

Re: [Freeipa-users] FREAK Vulnerability

2016-01-28 Thread Rob Crittenden
9 > To: Marat Vyshegorodtsev; Terry John; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > Marat Vyshegorodtsev wrote: >> My two cents: >> >> My "magic" string for NSS is like this (I had to move to Fedora 23 >> f

Re: [Freeipa-users] FREAK Vulnerability

2016-01-27 Thread Marat Vyshegorodtsev
My two cents: My "magic" string for NSS is like this (I had to move to Fedora 23 from CentOS in order to get more recent NSS version though): NSSProtocol TLSv1.2 NSSCipherSuite

Re: [Freeipa-users] FREAK Vulnerability

2016-01-27 Thread Rob Crittenden
Marat Vyshegorodtsev wrote: > My two cents: > > My "magic" string for NSS is like this (I had to move to Fedora 23 > from CentOS in order to get more recent NSS version though): > > NSSProtocol TLSv1.2 > NSSCipherSuite >

Re: [Freeipa-users] FREAK Vulnerability

2016-01-26 Thread Martin Kosek
[mailto:chei...@redhat.com] > Sent: 22 January 2016 10:03 > To: Terry John; Martin Kosek; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > On 2016-01-21 17:54, Terry John wrote: >> Thanks for the info. I have tried nearly all the NSSCipherSu

Re: [Freeipa-users] FREAK Vulnerability

2016-01-26 Thread Terry John
:03 To: Terry John; Martin Kosek; freeipa-users@redhat.com Subject: Re: [Freeipa-users] FREAK Vulnerability On 2016-01-21 17:54, Terry John wrote: > Thanks for the info. I have tried nearly all the NSSCipherSuite settings in > that ticket but none so far has eliminated the FREAK

Re: [Freeipa-users] FREAK Vulnerability

2016-01-26 Thread Martin Basti
there and start DS the file should be in /etc/dirsrv/slapd-/|instance_name|/ Terry -Original Message- From: Christian Heimes [mailto:chei...@redhat.com] Sent: 22 January 2016 10:03 To: Terry John; Martin Kosek; freeipa-users@redhat.com Subject: Re: [Freeipa-users] FREAK Vulnerability On 2016-01

Re: [Freeipa-users] FREAK Vulnerability

2016-01-26 Thread Rich Megginson
...@redhat.com] Sent: 22 January 2016 10:03 To: Terry John; Martin Kosek;freeipa-users@redhat.com Subject: Re: [Freeipa-users] FREAK Vulnerability On 2016-01-21 17:54, Terry John wrote: Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated

Re: [Freeipa-users] FREAK Vulnerability

2016-01-22 Thread Martin Kosek
On 01/21/2016 05:54 PM, Terry John wrote: I've been trying to tidy the security on my FreeIPA and this is causing me some problems. I'm using OpenVAS vulnerability scanner and it is coming up with this issue EXPORT_RSA cipher suites supported by the remote server: TLSv1.0:

Re: [Freeipa-users] FREAK Vulnerability

2016-01-22 Thread Christian Heimes
On 2016-01-21 17:54, Terry John wrote: > Thanks for the info. I have tried nearly all the NSSCipherSuite settings in > that ticket but none so far has eliminated the FREAK report. > Christian thanks for the heads up on the syntax, I wasn't sure of what I was > doing > > Each time I've made a

Re: [Freeipa-users] FREAK Vulnerability

2016-01-21 Thread Martin Kosek
On 01/21/2016 03:31 PM, Terry John wrote: > I've been trying to tidy the security on my FreeIPA and this is causing me > some problems. I'm using OpenVAS vulnerability scanner and it is coming up > with this issue > > EXPORT_RSA cipher suites supported by the remote server: > TLSv1.0:

Re: [Freeipa-users] FREAK Vulnerability

2016-01-21 Thread Christian Heimes
On 2016-01-21 15:51, Martin Kosek wrote: > On 01/21/2016 03:31 PM, Terry John wrote: >> I've been trying to tidy the security on my FreeIPA and this is causing me >> some problems. I'm using OpenVAS vulnerability scanner and it is coming up >> with this issue >> >> EXPORT_RSA cipher suites

Re: [Freeipa-users] FREAK Vulnerability

2016-01-21 Thread Terry John
>> I've been trying to tidy the security on my FreeIPA and this is >> causing me some problems. I'm using OpenVAS vulnerability scanner and >> it is coming up with this issue >> >> EXPORT_RSA cipher suites supported by the remote server: >> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>

Re: [Freeipa-users] FREAK Vulnerability

2016-01-21 Thread Rob Crittenden
Christian Heimes wrote: > On 2016-01-21 15:51, Martin Kosek wrote: >> On 01/21/2016 03:31 PM, Terry John wrote: >>> I've been trying to tidy the security on my FreeIPA and this is causing me >>> some problems. I'm using OpenVAS vulnerability scanner and it is coming up >>> with this issue >>>

Re: [Freeipa-users] FREAK Vulnerability

2016-01-21 Thread Christian Heimes
On 2016-01-21 17:54, Terry John wrote: >>> I've been trying to tidy the security on my FreeIPA and this is >>> causing me some problems. I'm using OpenVAS vulnerability scanner and >>> it is coming up with this issue >>> >>> EXPORT_RSA cipher suites supported by the remote server: >>> TLSv1.0: