[Freeipa-users] ERROR: unable to set Cipher List

Rob Crittenden rcritten at redhat.com
Mon May 3 13:35:43 UTC 2010 

Oliver Burtchen wrote:
> Hi @all,
> 
> I did a clean, minimum F-12 install with all updates, and used freeipa and 
> sssd12 from http://jdennis.fedorapeople.org/
> 
> Everything seems to work fine when I do a
> 
> ipa-server-install --setup-dns
> 
> But what does it mean what I see in ipaserver-install.log (attached)? Is this 
> hamfull, or just a missing, unused cipher-library? Or missing dependency when 
> installing? As I said, pki-ca, dogtag and freeipa seem to work.

It isn't harmful though it is a bit alarming and annoying. I filed a bug 
against dogtag for this issue: 
https://bugzilla.redhat.com/show_bug.cgi?id=588323

rob

> 
> Best regards and thanks for answers,
> Oli
> 
> 
> 
> --- snip ---
> Attempting to connect to: test.example.com:9445
> ERROR: unable to set Cipher List
> ERROR: Exception  = org.mozilla.jss.ssl.SSLSocketException: Failed to enable 
> cipher 0xc001
> : (-12266) An unknown SSL cipher suite has been requested.
> in TestCertApprovalCallback.approve()
> Peer cert details:
>      subject: CN=test.example.com,O=2010-04-30 23:48:30
>      issuer:  CN=test.example.com,O=2010-04-30 23:48:30
>      serial:  0
> item 1 reason=-8156 depth=1
>  cert details:
>      subject: CN=test.example.com,O=2010-04-30 23:48:30
>      issuer:  CN=test.example.com,O=2010-04-30 23:48:30
>      serial:  0
> item 2 reason=-8172 depth=1
>  cert details:
>      subject: CN=test.example.com,O=2010-04-30 23:48:30
>      issuer:  CN=test.example.com,O=2010-04-30 23:48:30
>      serial:  0
> importing certificate.
> Connected.
> Posting Query = 
> https://test.example.com:9445//ca/admin/console/config/login?pin=jJMsl21Np7mk6aHPOzm0&xml=true
> RESPONSE STATUS:  HTTP/1.1 302 Moved Temporarily
> RESPONSE HEADER:  Server: Apache-Coyote/1.1
> RESPONSE HEADER:  Set-Cookie: JSESSIONID=BED7F647B4BFC9FC8BD9F7BCA4A5BF92; 
> Path=/ca; Secure
> RESPONSE HEADER:  Location: 
> https://test.example.com:9445/ca/admin/console/config/wizard
> RESPONSE HEADER:  Content-Type: text/html;charset=UTF-8
> RESPONSE HEADER:  Content-Length: 0
> RESPONSE HEADER:  Date: Fri, 30 Apr 2010 21:51:43 GMT
> RESPONSE HEADER:  Connection: keep-alive
> xml returned:
> cookie list: JSESSIONID=BED7F647B4BFC9FC8BD9F7BCA4A5BF92; Path=/ca; Secure
> --- snip ---
>

More information about the Freeipa-users mailing list