On 12/01/2015 10:07 AM, ghiureai wrote:
Hi List,
We are trying to upgrade to 389-ds 1.3.4 from 1.2.2. After the rpm was installed and the server updated, when restarting the DS we are getting the following in the DS errorlog. There is no such entry "allowWeakCipher" in the cfg file. What should we disable? See the entries for this cn:

http://www.port389.org/docs/389ds/design/nss-cipher-design.html


SSL alert: Cipher rsa_rc4_128_md5 is weak. It is enabled since allowWeakCipher is "on" (default setting for the backward compatibility). We strongly recommend to set it to "off". Please replace the value of allowWeakCipher with "off" in the encryption config entry cn=encryption,cn=config and restart the server.

dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSL2: off

nsSSL3: off ----->>> This was on but turn to "off"

creatorsName: cn=server,cn=plugins,cn=config
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
 t
createTimestamp: xxxxxxxxxxxxxxxx
modifyTimestamp:xxxxxxxxxxxxxxxxxxxx
nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha


xxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx

Thank you for your time
Isabella
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
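
An added example, not part of the original post and not 389-ds code: it parses the posted nsSSL3Ciphers value, lists the enabled ciphers that a name-based heuristic treats as weak, and prints an LDIF change that sets allowWeakCipher to "off" on cn=encryption,cn=config as the log message asks. The function names and the WEAK_MARKERS rule are assumptions of this example, not the server's own weak-cipher list.

```python
# Added example: audit an nsSSL3Ciphers value and build the LDIF change.
# WEAK_MARKERS is this example's own name-based heuristic (an assumption),
# not the list 389-ds applies internally.
WEAK_MARKERS = {"null", "rc4", "rc2", "des", "3des", "md5", "fortezza"}

# Value copied from the entry in the post, with LDIF line folds joined.
POSTED = (
    "-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,"
    "+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,"
    "+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,"
    "+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_aes_128_sha,"
    "+tls_rsa_aes_256_sha"
)

def parse_ciphers(value):
    """Return [(enabled, name)] from a '+name,-name' preference string."""
    out = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if item[0] not in "+-":
            raise ValueError(f"cipher without +/- prefix: {item!r}")
        out.append((item[0] == "+", item[1:]))
    return out

def is_weak(name):
    """Heuristic: any weak marker, or an export-grade token, in the name."""
    tokens = name.lower().split("_")
    return any(t in WEAK_MARKERS or t.startswith("export") for t in tokens)

def weak_enabled(value):
    """Names that are switched on and flagged weak by the heuristic."""
    return [n for on, n in parse_ciphers(value) if on and is_weak(n)]

def hardened_value(value):
    """Same cipher order, with every weak cipher switched off."""
    return ",".join(("+" if on and not is_weak(n) else "-") + n
                    for on, n in parse_ciphers(value))

def build_ldif(value):
    """LDIF modify record; 'replace' also creates a missing attribute."""
    return "\n".join([
        "dn: cn=encryption,cn=config", "changetype: modify",
        "replace: allowWeakCipher", "allowWeakCipher: off", "-",
        "replace: nsSSL3Ciphers", "nsSSL3Ciphers: " + hardened_value(value), ""])

if __name__ == "__main__":
    print("weak but enabled:", ", ".join(weak_enabled(POSTED)))
    print(build_ldif(POSTED))
```

The printed record can be applied with ldapmodify, followed by the server restart the log message calls for.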