[Pki-users] Disable the cipher RC4 for the web interface

Thibaut Pouzet thibaut.pouzet at lyra-network.com
Thu Apr 3 15:02:27 UTC 2014


Hi,

I am currently using pki-ca v9.0.3-32 with FreeIPA v3.0.0.-37 on a 
CentOS 6.5 machine. I am scanning my internal networks in order to find 
vulnerabilities, and trying to fix anything I find. I have found that 
the HTTPS pki-ca administration interfaces listening on ports 9444 and 
9445 were accepting what might be considered as weak ciphers (RC4) for 
data encryption.

I removed those ciphers from /etc/pki-ca/server.xml, and then restarted
the daemon, but this had no effect whatsoever on the ciphers available
on these SSL ports. I searched a bit around /etc/pki-ca/ and 
/var/lib/pki-ca/ but could not find where to make my changes in order to 
disable RC4 ciphers for those administration interfaces.

I also searched on the Internet & asked on the IRC channel about this 
issue, with no success, so here I am. Has anyone already found a way to
do this?

Regards,

-- 
Thibaut Pouzet



