On Tue, 2016-08-23 at 17:53 +0000, wudadin2003@gmail.com wrote:
> I am looking into upgrading TLS to v1.2, This bi-directionally syncs with Active Directory and I am wondering if there are any caveats to following this article: http://directory.fedoraproject.org/docs/389ds/howto/howto-disable-sslv3.html for the 389ds side
>
> Do i need to install a TLSv1.2 package onto my servers first?
>
> ~# openssl ciphers -s -tls1_2
> Error in cipher list
> 140350244230984:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:
> ~#
>
> I am assuming that I do not have the supported ciphers.
>
> # rpm -qa 389*
> 389-ds-console-1.2.6-1.el6.noarch
> 389-ds-1.2.2-1.el6.noarch
> 389-ds-base-libs-1.2.11.15-48.el6_6.x86_64
> 389-dsgw-1.1.11-1.el6.x86_64
> 389-admin-console-1.1.8-1.el6.noarch
> 389-ds-console-doc-1.2.6-1.el6.noarch
> 389-console-1.1.7-1.el6.noarch
> 389-admin-1.1.35-1.el6.x86_64
> 389-admin-console-doc-1.1.8-1.el6.noarch
> 389-adminutil-1.1.19-1.el6.x86_64
> 389-ds-base-1.2.11.15-48.el6_6.x86_64
Provided you have the latest nss package, you should have TLS1.2
available (as I understand it). Can you list your nss package version?
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
No comments:
Post a Comment