Sorry for the noise, this appears to be related to or exactly the same as described in https://bugzilla.redhat.com/show_bug.cgi?id=151705 Regards > -----Original Message----- > From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users- > bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Gerrard Geldenhuis > Sent: 03 March 2011 10:44 > To: 'General discussion list for the 389 Directory server project.' > Subject: Re: [389-users] Ciphers persistant after restart > > Did a little bit more digging, > > After restart > ~~~~~~~~~~~~~ > nsSSL3Ciphers: +rsa_rc4_128_md5,+rsa_3des_sha,-fortezza_null,- > rsa_null_md5,-fo > rtezza,-rsa_rc4_40_md5,-rsa_rc2_40_md5,- > rsa_des_sha,+fortezza_rc4_128_sha,-t > ls_rsa_export1024_with_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha > > > audit log > ~~~~~~~~~ > replace: nsSSL3Ciphers > nsSSL3Ciphers: -rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,- > rsa_rc4_40_md5, > -fips_des_sha,+fips_3des_sha,-rsa_des_sha,-rsa_null_md5 > > Original > ~~~~~~~~ > nsSSL3Ciphers: - > rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5, > > +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezz > a,+f > > ortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+t > ls_ > rsa_export1024_with_des_cbc_sha > > >From this I would conclude that the UI is doing its own thing... there is a lot > of other changes that get applied as well when you make cipher changes in > the UI. This would seem unnecessary at best and potentially problematic at > worst. > > Regards > > > > -----Original Message----- > > From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users- > > bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Gerrard Geldenhuis > > Sent: 03 March 2011 10:07 > > To: General discussion list for the 389 Directory server project. > > (389- > > users@xxxxxxxxxxxxxxxxxxxxxxx) > > Subject: [389-users] Ciphers persistant after restart > > > > Hi > > Unfortunately I am stuck with a slightly older version of 389 at the > > moment so if this is fixed in a later version then great otherwise I > > include the details to try an reproduce. > > > > Versions: > > 389-admin-1.1.11-1.el5 > > 389-admin-console-1.1.5-1.el5 > > 389-admin-console-doc-1.1.5-1.el5 > > 389-adminutil-1.1.8-4.el5 > > 389-console-1.1.4-1.el5 > > 389-ds-1.2.1-1.el5 > > 389-ds-base-1.2.6.1-2.el5 > > 389-ds-console-1.2.3-1.el5 > > 389-ds-console-doc-1.2.3-1.el5 > > 389-dsgw-1.1.5-1.el5 > > > > Problem: > > Open admin console > > Select Encryption tab and then click on settings button. > > Select TLS tab and remove( uncheck) all ciphers below 128bits level > > Click Ok, and save Exit admin console Restart admin server > > > > Log into admin console again. > > The unchecked ciphers removed a moment ago is checked again... > > > > Monitoring the audit log does show that changes are being made, I need > > to go through it with a fine tooth comb though. > > > > Any thoughts on why this is happening, a bug a feature to protect > > against dumb users maybe? > > > > Regards > > > > > > > ___________________________________________________________________ > > _____ > > In order to protect our email recipients, Betfair Group use SkyScan > > from MessageLabs to scan all Incoming and Outgoing mail for viruses. > > > > > ___________________________________________________________________ > > _____ > > -- > > 389 users mailing list > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/389-users > > ___________________________________________________________________ > _____ > In order to protect our email recipients, Betfair Group use SkyScan from > MessageLabs to scan all Incoming and Outgoing mail for viruses. > > ___________________________________________________________________ > _____ > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
