[Freeipa-users] ERROR: unable to set Cipher List
Oliver Burtchen
o.burtchen at gmx.de
Fri Apr 30 22:33:38 UTC 2010
Hi @all,
I did a clean, minimum F-12 install with all updates, and used freeipa and
sssd12 from http://jdennis.fedorapeople.org/
Everything seems to work fine when I do a
ipa-server-install --setup-dns
But what does it mean what I see in ipaserver-install.log (attached)? Is this
hamfull, or just a missing, unused cipher-library? Or missing dependency when
installing? As I said, pki-ca, dogtag and freeipa seem to work.
Best regards and thanks for answers,
Oli
--- snip ---
Attempting to connect to: test.example.com:9445
ERROR: unable to set Cipher List
ERROR: Exception = org.mozilla.jss.ssl.SSLSocketException: Failed to enable
cipher 0xc001
: (-12266) An unknown SSL cipher suite has been requested.
in TestCertApprovalCallback.approve()
Peer cert details:
subject: CN=test.example.com,O=2010-04-30 23:48:30
issuer: CN=test.example.com,O=2010-04-30 23:48:30
serial: 0
item 1 reason=-8156 depth=1
cert details:
subject: CN=test.example.com,O=2010-04-30 23:48:30
issuer: CN=test.example.com,O=2010-04-30 23:48:30
serial: 0
item 2 reason=-8172 depth=1
cert details:
subject: CN=test.example.com,O=2010-04-30 23:48:30
issuer: CN=test.example.com,O=2010-04-30 23:48:30
serial: 0
importing certificate.
Connected.
Posting Query =
https://test.example.com:9445//ca/admin/console/config/login?pin=jJMsl21Np7mk6aHPOzm0&xml=true
RESPONSE STATUS: HTTP/1.1 302 Moved Temporarily
RESPONSE HEADER: Server: Apache-Coyote/1.1
RESPONSE HEADER: Set-Cookie: JSESSIONID=BED7F647B4BFC9FC8BD9F7BCA4A5BF92;
Path=/ca; Secure
RESPONSE HEADER: Location:
https://test.example.com:9445/ca/admin/console/config/wizard
RESPONSE HEADER: Content-Type: text/html;charset=UTF-8
RESPONSE HEADER: Content-Length: 0
RESPONSE HEADER: Date: Fri, 30 Apr 2010 21:51:43 GMT
RESPONSE HEADER: Connection: keep-alive
xml returned:
cookie list: JSESSIONID=BED7F647B4BFC9FC8BD9F7BCA4A5BF92; Path=/ca; Secure
--- snip ---
--
Oliver Burtchen, Berlin
More information about the Freeipa-users
mailing list