Wednesday, April 21, 2021

[389-users] minssf and TLS cipher ordering

Hi All,

OS Version: CentOS 8
389-DS Version: from EPEL

I have a server set up with minssf=256 and have been surprised that either 389-DS, or openssl, does not appear to be doing what I would consider a logical TLS negotiation.

I had thought that the system would start with the strongest cipher and then negotiate down to something that was acceptable.

Instead, I'm finding that I have to nail up the ciphers to something that the 389-DS server both recognizes and is within the expected SSF.

Is this expected behavior or do I have something configured incorrectly?



Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --

No comments:

Post a Comment