Hi List, I'm running 389-DS: 389-ds-base-1.3.5.15-1.fc24.x86_64 with TLS enabled and the following cfg. Is the latest version of TLS supported in this version? I tried using (sslVersionMin: TLS1.1 and sslVersionMax: TLS2.0) but it will not work; it seems to work for (sslVersionMin: TLS1.1 and sslVersionMax: TLS1.2).

dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
sslVersionMin: TLS1.0
sslVersionMax: TLS2.0
nsSSL3Ciphers: default
allowWeakCipher: off
nsKeyfile: alias/slapd***********
nsCertfile: alias/slapd*********

On 01/26/2017 10:53 AM, ghiureai wrote:
> Hi List, I'm running 389-DS: 389-ds-base-1.3.5.15-1.fc24.x86_64 with TLS enabled and the following cfg. Is the latest version of TLS supported in this version? I tried using (sslVersionMin: TLS1.1 and sslVersionMax: TLS2.0) but it will not work; it seems to work for (sslVersionMin: TLS1.1 and sslVersionMax: TLS1.2).

I recommend not to set sslVersionMax. The Directory Server will automatically pick up the highest available version supported by the NSS library installed on the host. As you found out, TLS2.0 is not available yet. (I'd think TLS1.3 is still in the DRAFT.)

> dn: cn=encryption,cn=config
> objectClass: top
> objectClass: nsEncryptionConfig
> cn: encryption
> nsSSLSessionTimeout: 0
> nsSSLClientAuth: allowed
> sslVersionMin: TLS1.0
> sslVersionMax: TLS2.0
> nsSSL3Ciphers: default
> allowWeakCipher: off
> nsKeyfile: alias/slapd***********
> nsCertfile: alias/slapd*********
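
Added example, not part of the thread and not 389-DS project code: a small Python check that reads a cn=encryption entry, flags version names outside a supported set and a pinned sslVersionMax, and produces the ldapmodify LDIF that removes the pin, as the reply recommends. The SUPPORTED list, the function names and the sample entry are assumptions made for this illustration.

```python
import re

# Version names taken from the thread, treated here as what the installed NSS
# supports (assumption: the real set depends on the NSS build on the host).
SUPPORTED = ["TLS1.0", "TLS1.1", "TLS1.2"]

# Constructed sample: the entry as posted, with the key/cert lines left out.
SAMPLE = """\
dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
sslVersionMin: TLS1.0
sslVersionMax: TLS2.0
nsSSL3Ciphers: default
allowWeakCipher: off
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attr: [values]}, unfolding wrapped lines."""
    entry = {}
    for line in re.sub(r"\n ", "", ldif).splitlines():
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def audit(entry, supported=SUPPORTED):
    """Return (findings, LDIF for ldapmodify that deletes a pinned sslVersionMax)."""
    findings, ldif = [], ""
    vmin = entry.get("sslversionmin", [None])[0]
    vmax = entry.get("sslversionmax", [None])[0]
    if vmin is not None and vmin not in supported:
        findings.append(f"sslVersionMin {vmin} is not a supported version")
    if vmax is not None:
        if vmax not in supported:
            findings.append(f"sslVersionMax {vmax} is not a supported version")
        elif vmin in supported and supported.index(vmin) > supported.index(vmax):
            findings.append(f"sslVersionMin {vmin} is above sslVersionMax {vmax}")
        findings.append("sslVersionMax is pinned; remove it so the highest NSS version is used")
        # A delete with no value removes the attribute entirely.
        ldif = f"dn: {entry['dn'][0]}\nchangetype: modify\ndelete: sslVersionMax\n"
    return findings, ldif
```

Calling audit(parse_entry(SAMPLE)) reports the TLS2.0 value and the pinned maximum, and the returned LDIF can be fed to ldapmodify against the instance.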