Our new DS env is running: 389-ds-base-libs-1.3.9.1-10.el7.x86_64 389-ds-base-1.3.9.1-10.el7.x86_64 After DS was upgrade to above version seeing this error when restarting the DS, we have another host with same version and suppose same cfg but never saw the error, please advise a fix for this issue in this version: Thank you ERR - Security Initialization - _conf_setallciphers - Failed to get the default state of cipher (null) [24/Jun/2020:09:22:54.686777541 -0700] - ERR - Security Initialization - _conf_setallciphers - Failed to get the default state of cipher (null) [24/Jun/2020:09:22:54.687024072 -0700] - ERR - Security Initialization - _conf_setallciphers - Failed to get the default state of cipher (null) [ [24/Jun/2020:09:22:54.688953359 -0700] - INFO - Security Initialization - SSL info: Enabling default cipher set. [24/Jun/2020:09:22:54.689229153 -0700] - INFO - Security Initialization - SSL info: Configured NSS Ciphers
I will let others confirm, but the message "_conf_setallciphers - Failed to get the default state of cipher" may not be an actual error, but more a warning that could be ignored, as the the default ciphers are configured later, per the log entries provided. Could you add the nss package version, as well as the details from the entry rpm -q nss nspr ldapsearch -LLLxD 'cn=directory manager' -W -b cn=encryption,cn=config -s base sslVersionMin sslVersionMax allowWeakCipher nsSSL3Ciphers nsSSLSupportedCiphers nsSSLEnabledCiphers ? Thanks, M.
On Wed, Jun 24, 2020 at 9:57 AM Ghiurea, Isabella < Isabella.Ghiurea@nrc-cnrc.gc.ca> wrote:
Our new DS env is running:
389-ds-base-libs-1.3.9.1-10.el7.x86_64
389-ds-base-1.3.9.1-10.el7.x86_64
After DS was upgrade to above version seeing this error when restarting the DS, we have another host with same version and suppose same cfg but never saw the error, please advise a fix for this issue in this version:
Thank you
ERR - Security Initialization - _conf_setallciphers - Failed to get the default state of cipher (null)
[24/Jun/2020:09:22:54.686777541 -0700] - ERR - Security Initialization - _conf_setallciphers - Failed to get the default state of cipher (null)
[24/Jun/2020:09:22:54.687024072 -0700] - ERR - Security Initialization - _conf_setallciphers - Failed to get the default state of cipher (null)
[
[24/Jun/2020:09:22:54.688953359 -0700] - INFO - Security Initialization - SSL info: Enabling default cipher set.
[24/Jun/2020:09:22:54.689229153 -0700] - INFO - Security Initialization - SSL info: Configured NSS Ciphers _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
we have another host with same version and suppose same cfg but never saw the error,
[24/Jun/2020:09:22:54.687024072 -0700] - ERR - Security Initialization - _conf_setallciphers - Failed to get the default state of cipher (null)
I'm curious - how did you make a host with the same config? Normally with 389 you need to configure both individually to look the same but you can't copy-paste config files etc.
My guess here is that perhaps your nss db isn't configured properly, so I'd want to see the output of certutil -L -d /etc/dirsrv/slapd-<instance>/ on the affected host.
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
389-users@lists.fedoraproject.org