Hello,
On 10/15/2014 04:58 PM, Rich Megginson wrote:
is http://poodlebleed.com/ related to 389? I think it is, this is not
implementation flaw in OpenSSL, this seems to be related to the SSLv3
design.
By not commenting this, I assume that. Yes. This bug is relevant even to
389.
I've found:
http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html
but new syntax with -SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA doesn't seem
to be working on my system:
The new syntax might not yet be supported on 1.2.11 (el5)
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_SSL-Setting_Security_Preferences.html
For 1.2.11.28-1.el5 I've succeeded with this setting:
nsSSL2: off
nsSSL3: off
nsSSL3Ciphers: +all, -rsa_rc4_40_md5, -rsa_rc2_40_md5, -rsa_des_sha,
-dhe_dss_des_sha, -rsa_rc4_128_md5, -fortezza_rc4_128_sha,
-tls_dhe_dss_rc4_128_sha, -tls_rsa_export1024_with_rc4_56_sha,
-tls_dhe_dss_1024_rc4_sha, -tls_dhe_rsa_aes_128_sha,
-tls_dhe_dss_aes_128_sha
Thanks
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
