On Tue, 2016-07-19 at 06:53 -0500, Jean G Redfearn wrote:
Hi,
I am having problems disabling the RC4 ciphers on the admin server. There are 3 tabs in
the GUI separating SSL2, SSL3 and TLS. The TLS tab has 4 options, 2 of which involve RC4
ciphers. The GUI allows me to un-select the RC4 buttons and save. It presents a notice
that the admin server needs to be restarted. After closing the GUI, I restart the admin
server and log back into the GUI. Checking the ciphers on the admin server, the RC4
ciphers are enabled on the TLS tab.
In the console.conf for the admin server, NSSCipherSuite lists the SSL3 ciphers but I do
not see any of the TLS ciphers listed in table 7.3 of the RH Dir. Serv. Admin guide
(p312).
To disable these ciphers can I just add
"-tls_rsa_export1024_with_rc4_56_sha,-tls_dhe_dss_1024_r4_sha,-tlsdhe_dss_rc4_128_sha"
to the NSSCipherSuite variable?
Are you changing this on the dse.ldif, or the httpd.conf?
Either way, you can do this as you say, by setting the minus parameters
to:
dn: cn=encryption,cn=config
nsSSL3Ciphers:
Or in the httpd nss.conf:
NSSCipherSuite
Thanks,
Jean Redfearn, CISSP, RHCE, GCIH
Raytheon Company
-- 389-users mailing list 389-users(a)lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject...
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane