[Freeipa-users] IPA vulnerability management SSL
Sean Hogan
schogan at us.ibm.com
Wed Apr 27 16:33:26 UTC 2016
Hi Martin,
Thanks for the response. We are at RHEL 6.7... getting the hits on 389
and 636 so its the Directory server ports which I assume is dse.ldif.
Sean Hogan
From: Martin Kosek <mkosek at redhat.com>
To: Sean Hogan/Durham/IBM at IBMUS, freeipa-users
<freeipa-users at redhat.com>
Date: 04/27/2016 01:43 AM
Subject: Re: [Freeipa-users] IPA vulnerability management SSL
On 04/27/2016 07:27 AM, Sean Hogan wrote:
> Hello,
>
> We currently have 7 ipa servers in multi master running:
>
> ipa-server-3.0.0-47.el6_7.1.x86_64
> 389-ds-base-1.2.11.15-68.el6_7.x86_64
>
> Tenable is showing the use of weak ciphers along with freak
vulnerabilities. I
> have followed
> https://access.redhat.com/solutions/675183 however issues remain in the
ciphers
> being used.
Can you show the full report, so that we can see what's wrong? What I am
looking for also is if the problem is LDAPS port or HTTPS port, so that we
are
not fixing wrong service.
DS ciphers were hardened in RHEL-6.x and RHEL-7.x already as part of this
bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1154687
Further hardening comes with FreeIPA 4.3.1+:
https://fedorahosted.org/freeipa/ticket/5684
https://fedorahosted.org/freeipa/ticket/5589
(it should appear in RHEL-7.3+)
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160427/b5de7781/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160427/b5de7781/attachment.gif>
More information about the Freeipa-users
mailing list