[Freeipa-users] How to turn off RC4 in 389ds???

Martin Kosek mkosek at redhat.com
Wed Sep 23 10:35:17 UTC 2015


On 09/23/2015 11:00 AM, Michael Lasevich wrote:
> OK, this is a most bizarre issue,
> 
> I am trying to disable RC4-based TLS Cipher Suites in LDAPs (port 636) and
> for the life of me cannot get it to work.
> 
> I have followed many nearly identical instructions to create ldif file and
> change "nsSSL3Ciphers" in "cn=encryption,cn=config". Seems simple enough -
> and I get it to take, and during the startup I can see the right SSL Cipher
> Suites listed in errors.log - but when it starts and I probe it, RC4
> ciphers are still there. I am completely confused.
> 
> I tried setting "nsSSL3Ciphers" to "default" (which does not have "RC4")
> and to old-style cipher lists (lowercase), and new-style cipher
> lists (uppercase), and nothing seems to make any difference.
> 
> Any ideas?
> 
> -M

Are you asking about standalone 389-DS or the one integrated in FreeIPA? As
with currently supported versions of FreeIPA, RC4 ciphers should be already
gone, AFAIK.

In the RHEL/CentOS world, it should be fixed in 6.7/7.1 or later:

https://bugzilla.redhat.com/show_bug.cgi?id=1154687
https://fedorahosted.org/freeipa/ticket/4653



