On Tue, 2016-07-19 at 06:53 -0500, Jean G Redfearn wrote: > Hi, > > I am having problems disabling the RC4 ciphers on the admin server. There are 3 tabs in the GUI separating SSL2, SSL3 and TLS. The TLS tab has 4 options, 2 of which involve RC4 ciphers. The GUI allows me to un-select the RC4 buttons and save. It presents a notice that the admin server needs to be restarted. After closing the GUI, I restart the admin server and log back into the GUI. Checking the ciphers on the admin server, the RC4 ciphers are enabled on the TLS tab. > In the console.conf for the admin server, NSSCipherSuite lists the SSL3 ciphers but I do not see any of the TLS ciphers listed in table 7.3 of the RH Dir. Serv. Admin guide (p312). > > To disable these ciphers can I just add "-tls_rsa_export1024_with_rc4_56_sha,-tls_dhe_dss_1024_r4_sha,-tlsdhe_dss_rc4_128_sha" to the NSSCipherSuite variable? Are you changing this on the dse.ldif, or the httpd.conf? Either way, you can do this as you say, by setting the minus parameters to: dn: cn=encryption,cn=config nsSSL3Ciphers: Or in the httpd nss.conf: NSSCipherSuite > > Thanks, > > > Jean Redfearn, CISSP, RHCE, GCIH > Raytheon Company > -- 389-users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx -- Sincerely, William Brown Software Engineer Red Hat, Brisbane
Attachment:
signature.asc
Description: This is a digitally signed message part
-- 389-users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
