What is the versions of your server and console?
$ rpm -q 389-ds-base idm-console-framework 389-ds-console 389-ds-admin

On 12/30/2014 02:32 PM, John Trump wrote:
Is there a way to permanently disable SSLv3 in directory server? If I modify the dse.ldif file and set nssSSL3
When you made this modification, did you restart the server?
to off this works until an admin goes through the gui and makes a change to the encryption cert and saves config. Once this happens SSLv3 is enabled again.
If the answer to the above question is "yes", is it possible to repeat the operations with the audit log enabled ("nsslapd-auditlog-logging-enabled: on") and share the audit log (/var/log/dirsrv/slapd-YOURID/audit) with us?  Thanks.

389 users mailing list