Wednesday, March 30, 2016

[389-users] nsSSL3 warnings


I installed a new version of 389:

389-Directory/ B2016.063.1654

And I'm getting these warnings:

[30/Mar/2016:10:47:39 -0300] - SSL alert: Found unsecure configuration: nsSSL3: on; We strongly recommend to disable nsSSL3 in cn=encryption,cn=config.
[30/Mar/2016:10:47:39 -0300] - SSL alert: Configured range: min: TLS1.0, max: TLS1.2; but both nsSSL3 and nsTLS1 are on. Respect the supported range.

I already disabled nsSSL2 and nsSSL3:

dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL2
nsSSL2: off
replace: nsSSL3
nsSSL3: off
replace: nsTLS1
nsTLS1: on

and confirmed that my server is only accepting TLS connections

Also tried to delete nsssl3ciphers:
dn: cn=encryption,cn=config
changetype: modify
delete: nsssl3ciphers

But it comes back.

Why I'm still getting these warnings even after to disable nsSSL2 and nsSSL3?


Alberto Viana

No comments:

Post a Comment