List:       fedora-directory-users
Subject:    [389-users] minssf and TLS cipher ordering
From:       Trevor Vaughan <tvaughan () onyxpoint ! com>
Date:       2021-04-21 17:52:14
Message-ID: CANs+FoU+0aKCG+1D48XNHvygi_5Z=oUk6xYUUREZ-UzZPo9Mww () mail ! gmail ! com

Hi All,

OS Version: CentOS 8
389-DS Version: 1.4.3.22 from EPEL

I have a server set up with minssf=256 and have been surprised that either
389-DS, or openssl, does not appear to be doing what I would consider a
logical TLS negotiation.

I had thought that the system would start with the strongest cipher and
then negotiate down to something that was acceptable.

Instead, I'm finding that I have to nail up the ciphers to something that
the 389-DS server both recognizes and is within the expected SSF.

Is this expected behavior or do I have something configured incorrectly?

Thanks,

Trevor

-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
