[Pki-users] Disable the cipher RC4 for the web interface
Christina Fu
cfu at redhat.com
Thu Apr 3 15:14:08 UTC 2014
Did you try turning on the strictCiphers and FIPS mode?
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html-single/Deploy_and_Install_Guide/index.html
Search for the word "strictCiphers" and follow the instructions there.
For nss softtoken you just need to do steps 14, 15, and 16. Stop the server
before you begin and start it after you are done.
Hope this helps,
Christina
On 04/03/2014 08:02 AM, Thibaut Pouzet wrote:
> Hi,
>
> I am currently using pki-ca v9.0.3-32 with FreeIPA v3.0.0.-37 on a
> CentOS 6.5 machine. I am scanning my internal networks in order to
> find vulnerabilities, and trying to fix anything I find. I have found
> that the HTTPS pki-ca administration interfaces listening on ports
> 9444 and 9445 were accepting what might be considered as weak ciphers
> (RC4) for data encryption.
>
> I removed those ciphers from /etc/pki-ca/server.xml, and then
> restarted the daemon, but this had no effect whatsoever on the
> ciphers available on these SSL ports. I searched a bit around
> /etc/pki-ca/ and /var/lib/pki-ca/ but could not find where to make my
> changes in order to disable RC4 ciphers for those administration
> interfaces.
>
> I also searched on the Internet & asked on the IRC channel about this
> issue, with no success, so here I am. Has anyone already found a way to
> do this?
>
> Regards,
>