On Tue, 2016-08-23 at 17:53 +0000, wudadin2003@xxxxxxxxx wrote:
> I am looking into upgrading TLS to v1.2. This bi-directionally syncs with Active Directory and I am wondering if there are any caveats to following this article: http://directory.fedoraproject.org/docs/389ds/howto/howto-disable-sslv3.html for the 389ds side
>
> Do I need to install a TLSv1.2 package onto my servers first?
>
> ~# openssl ciphers -s -tls1_2
> Error in cipher list
> 140350244230984:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:
> ~#
>
> I am assuming that I do not have the supported ciphers.
>
> # rpm -qa 389*
> 389-ds-console-1.2.6-1.el6.noarch
> 389-ds-1.2.2-1.el6.noarch
> 389-ds-base-libs-1.2.11.15-48.el6_6.x86_64
> 389-dsgw-1.1.11-1.el6.x86_64
> 389-admin-console-1.1.8-1.el6.noarch
> 389-ds-console-doc-1.2.6-1.el6.noarch
> 389-console-1.1.7-1.el6.noarch
> 389-admin-1.1.35-1.el6.x86_64
> 389-admin-console-doc-1.1.8-1.el6.noarch
> 389-adminutil-1.1.19-1.el6.x86_64
> 389-ds-base-1.2.11.15-48.el6_6.x86_64

Provided you have the latest nss package, you should have TLS1.2 available (as I understand it). Can you list your nss package version?

--
Sincerely,

William Brown
Software Engineer
Red Hat, Brisbane

--
389-users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx