On 01/26/2017 10:53 AM, ghiureai wrote:
Hi List,
I 'm running 389-DS :
389-ds-base-1.3.5.15-1.fc24.x86_64 with TLS enable and the following
cfg ,
is the last update version of TLS supported in this version?
i try using ( sslVersionMin: TLS1.1 and sslVersionMax: TLS2.0) but
will not work, seems works for (sslVersionMin: TLS1.1 and
sslVersionMax: TLS1.2)
I recommend not to set sslVersionMax. The Directory Server will
automatically pick up the highest available version supported by the NSS
library installed on the host. As you found out, TLS2.0 is not
available yet. (I'd think TLS1.3 is still in the DRAFT.)
dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
sslVersionMin: TLS1.0
sslVersionMax: TLS2.0
nsSSL3Ciphers: default
allowWeakCipher: off
nsKeyfile: alias/slapd***********
nsCertfile: alias/slapd*********
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
