[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-directory-users
Subject:    =?utf-8?q?=5B389-users=5D?= Re: Upgrading to TLSv1.2.. any caveats?
From:       William Brown <wibrown () redhat ! com>
Date:       2016-08-23 22:02:00
Message-ID: 1471989720.4817.67.camel () redhat ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Tue, 2016-08-23 at 17:53 +0000, wudadin2003@gmail.com wrote:
> I am looking into upgrading TLS to v1.2, This bi-directionally syncs with Active \
> Directory and I am wondering if there are any caveats to following this article: \
> http://directory.fedoraproject.org/docs/389ds/howto/howto-disable-sslv3.html for \
> the 389ds side 
> Do i need to install a TLSv1.2 package onto my servers first? 
> 
> ~# openssl ciphers -s -tls1_2
> Error in cipher list
> 140350244230984:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher \
> match:ssl_lib.c:1314: ~#
> 
> I am assuming that I do not have the supported ciphers.
> 
> # rpm -qa 389*
> 389-ds-console-1.2.6-1.el6.noarch
> 389-ds-1.2.2-1.el6.noarch
> 389-ds-base-libs-1.2.11.15-48.el6_6.x86_64
> 389-dsgw-1.1.11-1.el6.x86_64
> 389-admin-console-1.1.8-1.el6.noarch
> 389-ds-console-doc-1.2.6-1.el6.noarch
> 389-console-1.1.7-1.el6.noarch
> 389-admin-1.1.35-1.el6.x86_64
> 389-admin-console-doc-1.1.8-1.el6.noarch
> 389-adminutil-1.1.19-1.el6.x86_64
> 389-ds-base-1.2.11.15-48.el6_6.x86_64

Provided you have the latest nss package, you should have TLS1.2
available (as I understand it). Can you list your nss package version?


-- 
Sincerely,

William Brown
Software Engineer
Red Hat, Brisbane


["signature.asc" (application/pgp-signature)]
[Attachment #6 (text/plain)]

--
389-users mailing list
389-users@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org


[prev in list] [next in list] [prev in thread] [next in thread]