I have been able to force NSSProtocol to TLSv1.2 on the web service of this IPA server in
the nss.conf. But I am receiving a Threat Assessment Hit (SecureWorks) that TLSv1.0 is
open on port 636/TCP. I attempted to manually edit the
/etc/dirsrv/slapd-<domain>/dse.ldif file, but once I made that change it broke the
389Directory and it would not start.
What is the proper way to change the overall openssl configuration to set the ssl_min
toTLSv1.2?
Thanks.
Steven Auerbach
Assistant Director of Information Systems
Information Technology & Security
State University System of Florida
Board of Governors
325 W. Gaines Street
Tallahassee, Florida 32399
(850) 245-9592
www.flbog.edu<http://www.flbog.edu/>