You probably want to disable SSLv3 on the admin server too. Add the
following line to /etc/dirsrv/admin-serv/console.conf:
NSSProtocol TLSv1.0,TLSv1.1
Documentation here:
https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html
Regarding the directory server, I didn't find nsTLS1
On 10/17/2014 02:55 AM, Paul Tobias wrote:
You probably want to disable SSLv3 on the admin server too. Add the
following line to /etc/dirsrv/admin-serv/console.conf:
NSSProtocol TLSv1.0,TLSv1.1
Documentation here:
https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html
update… this advice (quoted below) ended up being the simplest path to take.
Please note on none of my DS was nsTLS1 an existing attribute so I had to add
this attribute to the cn=encryption,cn=config object. I had to do a “service
dirsrv restart” as doing a restart from console would only
Hello,
is http://poodlebleed.com/ related to 389? I think it is, this is not
implementation flaw in OpenSSL, this seems to be related to the SSLv3
design.
I've found:
http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html
but new syntax with
On 10/15/2014 08:16 AM, Jan Tomasek wrote:
Hello,
is http://poodlebleed.com/ related to 389? I think it is, this is not
implementation flaw in OpenSSL, this seems to be related to the SSLv3
design.
I've found:
http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html
Hello,
On 10/15/2014 04:58 PM, Rich Megginson wrote:
is http://poodlebleed.com/ related to 389? I think it is, this is not
implementation flaw in OpenSSL, this seems to be related to the SSLv3
design.
By not commenting this, I assume that. Yes. This bug is relevant even to
389.
I've
On 10/15/2014 8:16 AM, Jan Tomasek wrote:
is http://poodlebleed.com/ related to 389? I think it is, this is not
implementation flaw in OpenSSL, this seems to be related to the SSLv3
design.
From
Hi David (et al),
what is the right way to do this in the DS? (i am on 1.2.11.32)
i see under cn=config there is cn=encryption and there are nsSSL3Ciphers and
nsSSLSupportCiphers (lots of these). The documentation just shows the simple
on/off for SSL/TLS.
For me, my admin server has SSL on