I have tried to set this server to clear SecureWorks Vulnerabilities. This warning I do not understand. I have the following in nss.conf: # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_nss documentation for a complete list.
NSSCipherSuite +aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_256_sha # SSL Protocol: NSSProtocol TLSv1.2 When I execute "openssl s_client -connect 127.0.0.1:636 -tlsv1 (or -tlsv1_1)" I get a successful response of my certificate, a handshake, and a 0 return code. SecureWorks reports "SSL/TLS Server supports TLSv1.0 port 636/tcp over SSL" (LDAP port). What have I done wrong here? Would the syntax NSSProtocol -ALL +TLSv1.2 work better? Steven Auerbach Assistant Director of Information Systems Information Technology & Security State University System of Florida Board of Governors 325 W. Gaines Street Tallahassee, Florida 32399 (850) 245-9592 www.flbog.edu<http://www.flbog.edu/>
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure