Re: [389-users] Remediating Encryption Levels


Hi Gerrard,

Here is what we do to disable the weak encryptions:

Admin server :
dn: cn=encryption, cn=configuration, cn=admin-serv-ldap-<id>, cn=389 administration server, cn=server

nsSSL2: off
nsSSL3: on
nsSSL2Ciphers: -des,-rc2export,-rc4export,-desede3,-rc4,-rc2
nsSSL3Ciphers: -rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,-rsa_rc4_40_md5,

389 Server :
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,-rsa_rc4_40_md5,-rsa_rc2_40_md5,+rsa_des_sha,

I think it is possible to disable these algorithms via the console, but I
have not tried...


2011/2/16 Gerrard Geldenhuis <Gerrard.Geldenhuis@xxxxxxxxxxx>:
> Hi
> I am currently testing this but would like to double up my testing with any other experiences in the list.
> A security scan has shown my test LDAP server to be vulnerable to weak SSL encryption. I have turned off all encryption levels below 128 bits in the Cipher Preference Dialog box for both the admin and dirsrv.
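
A check one could run over the cipher strings in this thread before applying them, as an added example that is not part of the original messages: it parses the `+`/`-` preference list and reports every cipher that is enabled yet below the 128-bit threshold mentioned in the question. The key-size table is an assumption of this example (nominal sizes, only for the names that appear in this thread), and the two strings are copied as they appear above, trailing comma included.

```python
# Added example: audit an nsSSL3Ciphers value against a minimum key size.
# Nominal key sizes for the legacy cipher names quoted in this thread
# (assumption of this example; names outside the table are reported as unknown).
NOMINAL_BITS = {
    "rsa_null_md5": 0,
    "rsa_rc4_40_md5": 40,
    "rsa_rc2_40_md5": 40,
    "rsa_des_sha": 56,
    "rsa_rc4_128_md5": 128,
    "rsa_3des_sha": 168,
}

def parse_ciphers(value):
    """Return {name: enabled} from a '+name,-name,...' preference string."""
    prefs = {}
    for token in value.split(","):
        token = token.strip()
        if not token:  # tolerate a trailing comma
            continue
        if token[0] not in "+-":
            raise ValueError(f"missing +/- prefix: {token!r}")
        prefs[token[1:].lower()] = token[0] == "+"
    return prefs

def audit(value, min_bits=128):
    """Return (weak, unknown): enabled ciphers below min_bits, and
    enabled names that are not in NOMINAL_BITS."""
    weak, unknown = [], []
    for name, enabled in parse_ciphers(value).items():
        if not enabled:
            continue
        bits = NOMINAL_BITS.get(name)
        if bits is None:
            unknown.append(name)
        elif bits < min_bits:
            weak.append((name, bits))
    return sorted(weak), sorted(unknown)

# The two nsSSL3Ciphers values from the message above, copied as shown.
ADMIN = "-rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,-rsa_rc4_40_md5,"
DIRSRV = "-rsa_null_md5,+rsa_rc4_128_md5,-rsa_rc4_40_md5,-rsa_rc2_40_md5,+rsa_des_sha,"

if __name__ == "__main__":
    for label, value in (("admin server", ADMIN), ("389 server", DIRSRV)):
        weak, unknown = audit(value)
        print(f"{label}: weak={weak} unknown={unknown}")
```

The check only covers ciphers named in the string; it says nothing about ciphers the value does not list.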