[Freeipa-users] ERROR: unable to set Cipher List
Rob Crittenden
rcritten at redhat.com
Mon May 3 13:35:43 UTC 2010
Oliver Burtchen wrote:
> Hi @all,
>
> I did a clean, minimum F-12 install with all updates, and used freeipa and
> sssd12 from http://jdennis.fedorapeople.org/
>
> Everything seems to work fine when I do a
>
> ipa-server-install --setup-dns
>
> But what does it mean what I see in ipaserver-install.log (attached)? Is this
> hamfull, or just a missing, unused cipher-library? Or missing dependency when
> installing? As I said, pki-ca, dogtag and freeipa seem to work.
It isn't harmful though it is a bit alarming and annoying. I filed a bug
against dogtag for this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=588323
rob
>
> Best regards and thanks for answers,
> Oli
>
>
>
> --- snip ---
> Attempting to connect to: test.example.com:9445
> ERROR: unable to set Cipher List
> ERROR: Exception = org.mozilla.jss.ssl.SSLSocketException: Failed to enable
> cipher 0xc001
> : (-12266) An unknown SSL cipher suite has been requested.
> in TestCertApprovalCallback.approve()
> Peer cert details:
> subject: CN=test.example.com,O=2010-04-30 23:48:30
> issuer: CN=test.example.com,O=2010-04-30 23:48:30
> serial: 0
> item 1 reason=-8156 depth=1
> cert details:
> subject: CN=test.example.com,O=2010-04-30 23:48:30
> issuer: CN=test.example.com,O=2010-04-30 23:48:30
> serial: 0
> item 2 reason=-8172 depth=1
> cert details:
> subject: CN=test.example.com,O=2010-04-30 23:48:30
> issuer: CN=test.example.com,O=2010-04-30 23:48:30
> serial: 0
> importing certificate.
> Connected.
> Posting Query =
> https://test.example.com:9445//ca/admin/console/config/login?pin=jJMsl21Np7mk6aHPOzm0&xml=true
> RESPONSE STATUS: HTTP/1.1 302 Moved Temporarily
> RESPONSE HEADER: Server: Apache-Coyote/1.1
> RESPONSE HEADER: Set-Cookie: JSESSIONID=BED7F647B4BFC9FC8BD9F7BCA4A5BF92;
> Path=/ca; Secure
> RESPONSE HEADER: Location:
> https://test.example.com:9445/ca/admin/console/config/wizard
> RESPONSE HEADER: Content-Type: text/html;charset=UTF-8
> RESPONSE HEADER: Content-Length: 0
> RESPONSE HEADER: Date: Fri, 30 Apr 2010 21:51:43 GMT
> RESPONSE HEADER: Connection: keep-alive
> xml returned:
> cookie list: JSESSIONID=BED7F647B4BFC9FC8BD9F7BCA4A5BF92; Path=/ca; Secure
> --- snip ---
>
More information about the Freeipa-users
mailing list