[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-users
Subject: =?utf-8?q?=5B389-users=5D?= Re: Upgrading to TLSv1.2.. any caveats?
From: William Brown <wibrown () redhat ! com>
Date: 2016-08-23 22:02:00
Message-ID: 1471989720.4817.67.camel () redhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Tue, 2016-08-23 at 17:53 +0000, wudadin2003@gmail.com wrote:
> I am looking into upgrading TLS to v1.2, This bi-directionally syncs with Active \
> Directory and I am wondering if there are any caveats to following this article: \
> http://directory.fedoraproject.org/docs/389ds/howto/howto-disable-sslv3.html for \
> the 389ds side
> Do i need to install a TLSv1.2 package onto my servers first?
>
> ~# openssl ciphers -s -tls1_2
> Error in cipher list
> 140350244230984:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher \
> match:ssl_lib.c:1314: ~#
>
> I am assuming that I do not have the supported ciphers.
>
> # rpm -qa 389*
> 389-ds-console-1.2.6-1.el6.noarch
> 389-ds-1.2.2-1.el6.noarch
> 389-ds-base-libs-1.2.11.15-48.el6_6.x86_64
> 389-dsgw-1.1.11-1.el6.x86_64
> 389-admin-console-1.1.8-1.el6.noarch
> 389-ds-console-doc-1.2.6-1.el6.noarch
> 389-console-1.1.7-1.el6.noarch
> 389-admin-1.1.35-1.el6.x86_64
> 389-admin-console-doc-1.1.8-1.el6.noarch
> 389-adminutil-1.1.19-1.el6.x86_64
> 389-ds-base-1.2.11.15-48.el6_6.x86_64
Provided you have the latest nss package, you should have TLS1.2
available (as I understand it). Can you list your nss package version?
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
["signature.asc" (application/pgp-signature)]
[Attachment #6 (text/plain)]
--
389-users mailing list
389-users@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic