On 05/07/2013 08:22 AM, Aziza Lichir wrote:

hey,
I'm facing now another issue: in wireshark i see that my server uses SSLv2 instead of SSLv3 and when i verify my config file I've found this:
dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSL2: off
nsSSL3: on
creatorsName: cn=server,cn=plugins,cn=config
modifiersName: uid=root,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20130426142057Z
modifyTimestamp: 20130506150854Z
nsSSL3Ciphers: +rsa_rc4_128_md5,+rsa_3des_sha,+fortezza_null,-rsa_null_md5,+fo
rtezza,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+fortezza_rc4_128_sha,+tl
s_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
nsKeyfile: alias/slapd-srv-ds-38-key3.db
nsCertfile: alias/slapd-srv-ds-38-cert8.db
numSubordinates: 1

how this is possible??

What version of 389-ds-base? What platform?
Can you provide the output of openssl s_client -connect `hostname`:636 ?

___________________________________________________________

Aziza Lichir
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users