Re: Disabling SSLv3 Issues

2017-02-24 Thread Lemp, Dustin
Thank you very much!  I used

olcTLSProtocolMin: 3.2
olcTLSCipherSuite: HIGH:MEDIUM:!ADH:!MD5:!RC4

And that seems to have fixed my issues!

___
Dustin Lemp
Systems Analyst
Jefferson College
636-481-3477

On Wed, Feb 22, 2017 at 12:32 AM, Martin Schuster (IFKL IT OS DC CD) <
martin.schust...@infineon.com> wrote:

> I'm not sure how this is handled by Apache Directory, but usually there
> are 2 different settings you mustn't confuse:
>
> CipherSuite selects the available /ciphers/; there are a lot of "SSL3"
> ciphers that are still okay to use. If you disable all of them, it's
> quite possible that clients can't connect anymore.
> Try "openssl ciphers -v SSLv3" to get a list.
>
> There should also be another setting to control the minimum protocol
> level ("olcTLSProtocolMin" for OpenLDAP, "SSLProtocol" for Apache
> httpd). This allows you to disable e.g. SSLv3 and below, it is the one
> you need to change!
>
> hth, cheers,
> --
> Infineon Technologies IT-Services GmbH martin.schust...@infineon.com
> Lakeside B05, 9020 Klagenfurt, Austria Martin Schuster
>  FB: LG Klagenfurt, FN 246787y +43 5 1777 3517
>


Re: Disabling SSLv3 Issues

2017-02-21 Thread Martin Schuster (IFKL IT OS DC CD)
I'm not sure how this is handled by Apache Directory, but usually there
are 2 different settings you mustn't confuse:

CipherSuite selects the available /ciphers/; there are a lot of "SSL3"
ciphers that are still okay to use. If you disable all of them, it's
quite possible that clients can't connect anymore.
Try "openssl ciphers -v SSLv3" to get a list.

There should also be another setting to control the minimum protocol
level ("olcTLSProtocolMin" for OpenLDAP, "SSLProtocol" for Apache
httpd). This allows you to disable e.g. SSLv3 and below, it is the one
you need to change!

hth, cheers,
-- 
Infineon Technologies IT-Services GmbH martin.schust...@infineon.com
Lakeside B05, 9020 Klagenfurt, Austria Martin Schuster
 FB: LG Klagenfurt, FN 246787y +43 5 1777 3517
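
An added example, not part of the original thread: a small Python check that reads the two OpenLDAP attributes discussed above and shows that an OpenSSL cipher string leaves the protocol floor untouched, while olcTLSProtocolMin sets it. The sample LDIF is constructed from the values quoted in the thread, the function names are hypothetical, and the cipher string is evaluated against the local Python/OpenSSL build, which is assumed to match the syntax the server's TLS library accepts.

```python
import ssl

# olcTLSProtocolMin takes the wire version number: 3.0 is SSLv3 and
# 3.(x+1) is TLS 1.x, as documented in slapd.conf(5) for TLSProtocolMin.
WIRE_VERSIONS = ["3.0", "3.1", "3.2", "3.3"]
NAMES = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]

# Constructed sample: the two attributes quoted in the thread, as LDIF lines.
SAMPLE = "olcTLSProtocolMin: 3.2\nolcTLSCipherSuite: HIGH:MEDIUM:!ADH:!MD5:!RC4\n"


def parse_tls_attrs(ldif):
    """Collect olcTLS* attributes from 'name: value' lines."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().startswith("olcTLS"):
            attrs[name.strip()] = value.strip()
    return attrs


def cipher_string_effect(cipher_string):
    """Apply an OpenSSL cipher string locally and report what it changed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    floor_before = ctx.minimum_version
    ctx.set_ciphers(cipher_string)
    # Each selected cipher carries a protocol label; that label is not a floor.
    labels = sorted({c["protocol"] for c in ctx.get_ciphers()})
    return labels, ctx.minimum_version != floor_before


def audit(ldif):
    """Report the configured protocol floor separately from the cipher list."""
    attrs = parse_tls_attrs(ldif)
    wire = attrs.get("olcTLSProtocolMin")
    # None means the attribute is unset or holds a value this table lacks.
    idx = WIRE_VERSIONS.index(wire) if wire in WIRE_VERSIONS else None
    labels, moved = cipher_string_effect(attrs.get("olcTLSCipherSuite", "DEFAULT"))
    return {
        "floor": NAMES[idx] if idx is not None else None,
        "sslv3_refused": idx is not None and idx > 0,
        "cipher_labels": labels,
        "cipher_string_changed_floor": moved,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

With only olcTLSCipherSuite present, the report shows no floor at all, which is the situation the reply above warns about.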


Re: Disabling SSLv3 Issues

2017-02-21 Thread Emmanuel Lécharny
Hi,


What version are you using? What Java version are you using? Do you
have any logs on the server?


On 21/02/2017 at 21:54, Lemp, Dustin wrote:
> Hey all,
> I have a question and hope that someone here can help me out. I'm trying to
> disable sslv3 on my openldap server. I'm adding "olcTLSCipherSuite:
> SECURE256:-VERS-SSL3.0" to my ssl config file. This fixes everything
> security-wise, but now I can't connect via ApacheDS. I'm still trying to
> connect via ldaps on port 636. Any ideas?
>
> Thanks!
> ___
> Dustin Lemp
> Systems Analyst
> Jefferson College
> 636-481-3477
>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org



Disabling SSLv3 Issues

2017-02-21 Thread Lemp, Dustin
Hey all,
I have a question and hope that someone here can help me out. I'm trying to
disable sslv3 on my openldap server. I'm adding "olcTLSCipherSuite:
SECURE256:-VERS-SSL3.0" to my ssl config file. This fixes everything
security-wise, but now I can't connect via ApacheDS. I'm still trying to
connect via ldaps on port 636. Any ideas?

Thanks!
___
Dustin Lemp
Systems Analyst
Jefferson College
636-481-3477