<html><body>Hi Martin, Thanks for the response. We are at RHEL 6.7... getting the hits on 389 and 636 so its the Directory server ports which I assume is dse.ldif. Sean Hogan <img width="16" height="16" src="cid:1__=88BBF531DFC751248f9e8a93df938690918c88B@" border="0" alt="Inactive hide details for Martin Kosek ---04/27/2016 01:43:30 AM---On 04/27/2016 07:27 AM, Sean Hogan wrote: > Hello,">Martin Kosek ---04/27/2016 01:43:30 AM---On 04/27/2016 07:27 AM, Sean Hogan wrote: > Hello, From: Martin Kosek <mkosek@redhat.com> To: Sean Hogan/Durham/IBM@IBMUS, freeipa-users <freeipa-users@redhat.com> Date: 04/27/2016 01:43 AM Subject: Re: [Freeipa-users] IPA vulnerability management SSL <hr width="100%" size="2" align="left" noshade style="color:#8091A5; "> <tt>On 04/27/2016 07:27 AM, Sean Hogan wrote: > Hello, > > We currently have 7 ipa servers in multi master running: > > ipa-server-3.0.0-47.el6_7.1.x86_64 > 389-ds-base-1.2.11.15-68.el6_7.x86_64 > > Tenable is showing the use of weak ciphers along with freak vulnerabilities. I > have followed > </tt><tt><a href="https://access.redhat.com/solutions/675183">https://access.redhat.com/solutions/675183</a></tt><tt> however issues remain in the ciphers > being used. Can you show the full report, so that we can see what's wrong? What I am looking for also is if the problem is LDAPS port or HTTPS port, so that we are not fixing wrong service. DS ciphers were hardened in RHEL-6.x and RHEL-7.x already as part of this bug: </tt><tt><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1154687">https://bugzilla.redhat.com/show_bug.cgi?id=1154687</a></tt><tt> Further hardening comes with FreeIPA 4.3.1+: </tt><tt><a href="https://fedorahosted.org/freeipa/ticket/5684">https://fedorahosted.org/freeipa/ticket/5684</a></tt><tt> </tt><tt><a href="https://fedorahosted.org/freeipa/ticket/5589">https://fedorahosted.org/freeipa/ticket/5589</a></tt><tt> (it should appear in RHEL-7.3+) Martin </tt> </body></html>