gt;
Cc: freeipa-users@redhat.com, Noriko Hosoi <nho...@redhat.com>
Date: 04/29/2016 01:49 PM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
Thanks Rob... appreciate the help.. can you send me what you have in
nss.conf, server.xml as well? If I start off playing with s
On Fri, 29 Apr 2016 08:56:57 -0700 Sean wrote:
SH> Hi Rob,
SH>
SH> I stopped IPA, modified dse.ldif, restarted with the cipher list and it
SH> started without issue
Just thought I'd point out the other recent thread, "freeipa update changed
my cipher set", which mentions that dse.ldif can get
edhat.com>
To: Sean Hogan/Durham/IBM@IBMUS
Cc: freeipa-users@redhat.com, Noriko Hosoi <nho...@redhat.com>
Date: 04/29/2016 01:36 PM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
Sean Hogan wrote:
&
;rcrit...@redhat.com>
> Cc: freeipa-users@redhat.com, Noriko Hosoi <nho...@redhat.com>
> Date: 04/29/2016 08:56 AM
> Subject: Re: [Freeipa-users] IPA vulnerability management SSL
>
>
>
>
> Hi Rob,
9/2016 08:56 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
Hi Rob,
I stopped IPA, modified dse.ldif, restarted with the cipher list and it
started without issue however Same 13 ciphers. You know.. th
edhat.com>
Date: 04/29/2016 08:56 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
Hi Rob,
I stopped IPA, modified dse.ldif, restarted with the cipher list and it
started without issue however Same 13 ciphers. You know.. thinking about
this now.. I going to t
freeipa-users@redhat.com
Date: 04/29/2016 08:30 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
Sean Hogan wrote:
> Hi Noriko,
>
> Thanks for the suggestions,
>
> I had to trim out the GCM ciphers in order to get IPA to start back up
> or I would get the
riko Hosoi
---04/28/2016 12:08:59 PM---Thank you for including me in the loop,
Ludwig. On 04/28/2016 04:34 AM, Ludwig Krispenz wrote:
From: Noriko Hosoi <nho...@redhat.com>
To: Ludwig Krispenz <lkris...@redhat.com>, freeipa-users@redhat.com
Date: 04/28/2016 12:08 PM
Subject: R
bject: Re: [Freeipa-users] IPA vulnerability management SSL
Sent by:freeipa-users-boun...@redhat.com
Thank you for including me in the loop, Ludwig.
On 04/28/2016 04:34 AM, Ludwig Krispenz wrote:
> If I remember correctly we did the change in default ciphers and the
option for
Thank you for including me in the loop, Ludwig.
On 04/28/2016 04:34 AM, Ludwig Krispenz wrote:
> If I remember correctly we did the change in default ciphers and the
option for handling in 389-ds > 1.3.3, so it would not be in RHEL6,
adding Noriko to get confirmation.
Ludwig is right. The
i <nho...@redhat.com>
Date: 04/28/2016 08:20 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
Yes sir.. I am stopping DS with ipactl stop before making changes.. .I
often times have to really play with the ciphers cause many times when I
restart DS I get unknown cipher a
gt;
Date: 04/28/2016 04:46 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
Sent by:freeipa-users-boun...@redhat.com
wanted to add Noriko, but hit send to quickly
On 04/28/2016 01:26 PM, Ludwig Krispenz wrote:
>
> On 04/28/2016 12:06 PM, Martin Kosek wrot
Security & Risk Assurance
Watson Cloud Technology and Support
email: scho...@us.ibm.com | Tel 919 486 1397
From: Ludwig Krispenz <lkris...@redhat.com>
To: freeipa-users@redhat.com, Noriko Hosoi <nho...@redhat.com>
Date: 04/28/2016 04:46 AM
Subject: Re: [Fr
wanted to add Noriko, but hit send to quickly
On 04/28/2016 01:26 PM, Ludwig Krispenz wrote:
On 04/28/2016 12:06 PM, Martin Kosek wrote:
On 04/28/2016 01:23 AM, Sean Hogan wrote:
Hi Martin,
No joy on placing - in front of the RC4s
I modified my nss.conf to now read
# SSL 3 ciphers. SSL 2
On 04/28/2016 12:06 PM, Martin Kosek wrote:
On 04/28/2016 01:23 AM, Sean Hogan wrote:
Hi Martin,
No joy on placing - in front of the RC4s
I modified my nss.conf to now read
# SSL 3 ciphers. SSL 2 is disabled by default.
NSSCipherSuite
On 04/28/2016 01:23 AM, Sean Hogan wrote:
> Hi Martin,
>
> No joy on placing - in front of the RC4s
>
>
> I modified my nss.conf to now read
> # SSL 3 ciphers. SSL 2 is disabled by default.
> NSSCipherSuite
>
rs instead of SSL
Sean Hogan
From: Sean Hogan/Durham/IBM
To: Martin Kosek <mko...@redhat.com>
Cc: freeipa-users <freeipa-users@redhat.com>
Date: 04/27/2016 09:59 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
I ran the following:
nmap --s
something wrong here?
Sean Hogan
From: Alexander Bokovoy <aboko...@redhat.com>
To: Sean Hogan/Durham/IBM@IBMUS
Cc: freeipa-users <freeipa-users@redhat.com>
Date: 04/27/2016 10:35 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
On Wed,
On Wed, 27 Apr 2016, Sean Hogan wrote:
Hello Alexander
I knew the below which is why I added my DS rpm version in the orig email
which made sense to me but per 389 DS docs alloowweakcipher starts in
1.3.3.2 in case anyone else reads this. At least thats what the docs say
but you may know
reeipa-users] IPA vulnerability management SSL
On Tue, 26 Apr 2016, Sean Hogan wrote:
>
>
>Hello,
>
> We currently have 7 ipa servers in multi master running:
>
>ipa-server-3.0.0-47.el6_7.1.x86_64
>389-ds-base-1.2.11.15-68.el6_7.x86_64
>
>Tenable is showin
suites.
So I do see RC4 and the exports so I guess I can - those in the dse.ldif
From: Sean Hogan/Durham/IBM
To: Martin Kosek <mko...@redhat.com>
Cc: freeipa-users <freeipa-users@redhat.com>
Date: 04/27/2016 09:33 AM
Subject: Re: [Freeipa-users] IPA vulnerability ma
ipa-users@redhat.com>
Date: 04/27/2016 01:43 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
On 04/27/2016 07:27 AM, Sean Hogan wrote:
> Hello,
>
> We currently have 7 ipa servers in multi master running:
>
> ipa-server-3.0.0-47.el6_7.1.x86_64
>
On 04/27/2016 07:27 AM, Sean Hogan wrote:
> Hello,
>
> We currently have 7 ipa servers in multi master running:
>
> ipa-server-3.0.0-47.el6_7.1.x86_64
> 389-ds-base-1.2.11.15-68.el6_7.x86_64
>
> Tenable is showing the use of weak ciphers along with freak vulnerabilities.
> I
> have followed
>
On Tue, 26 Apr 2016, Sean Hogan wrote:
Hello,
We currently have 7 ipa servers in multi master running:
ipa-server-3.0.0-47.el6_7.1.x86_64
389-ds-base-1.2.11.15-68.el6_7.x86_64
Tenable is showing the use of weak ciphers along with freak
vulnerabilities. I have followed
24 matches
Mail list logo