Is there a way to permanently disable SSLv3 in directory server? If I modify the dse.ldif file and set nssSSL3 to off this works until an admin goes through the gui and makes a change to the encryption cert and saves config. Once this happens SSLv3 is enabled again.
Hello,
What is the versions of your server and console? $ rpm -q 389-ds-base idm-console-framework 389-ds-console 389-ds-admin
On 12/30/2014 02:32 PM, John Trump wrote:
Is there a way to permanently disable SSLv3 in directory server? If I modify the dse.ldif file and set nssSSL3
When you made this modification, did you restart the server?
to off this works until an admin goes through the gui and makes a change to the encryption cert and saves config. Once this happens SSLv3 is enabled again.
If the answer to the above question is "yes", is it possible to repeat the operations with the audit log enabled ("nsslapd-auditlog-logging-enabled: on") and share the audit log (/var/log/dirsrv/slapd-YOURID/audit) with us? Thanks.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-ds-base-1.2.11.25-1.el6.x86_64
idm-console-framework-1.1.7-2.el6.noarch
389-ds-console-1.2.6-1.el6.noarch
On Wed, Dec 31, 2014 at 8:49 PM, Noriko Hosoi nhosoi@redhat.com wrote:
Hello,
What is the versions of your server and console? $ rpm -q 389-ds-base idm-console-framework 389-ds-console 389-ds-admin
On 12/30/2014 02:32 PM, John Trump wrote:
Is there a way to permanently disable SSLv3 in directory server? If I modify the dse.ldif file and set nssSSL3
When you made this modification, did you restart the server?
to off this works until an admin goes through the gui and makes a change to the encryption cert and saves config. Once this happens SSLv3 is enabled again.
If the answer to the above question is "yes", is it possible to repeat the operations with the audit log enabled ("nsslapd-auditlog-logging-enabled: on") and share the audit log (/var/log/dirsrv/slapd-YOURID/audit) with us? Thanks.
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
John,
FYI, I was able to reproduce this, and I opened this ticket:
https://fedorahosted.org/389/ticket/47994
Regards, Mark
On 01/05/2015 10:18 AM, John Trump wrote:
389-ds-base-1.2.11.25-1.el6.x86_64
idm-console-framework-1.1.7-2.el6.noarch
389-ds-console-1.2.6-1.el6.noarch
On Wed, Dec 31, 2014 at 8:49 PM, Noriko Hosoi <nhosoi@redhat.com mailto:nhosoi@redhat.com> wrote:
Hello, What is the versions of your server and console? $ rpm -q 389-ds-base idm-console-framework 389-ds-console 389-ds-admin On 12/30/2014 02:32 PM, John Trump wrote:Is there a way to permanently disable SSLv3 in directory server? If I modify the dse.ldif file and set nssSSL3When you made this modification, did you restart the server?to off this works until an admin goes through the gui and makes a change to the encryption cert and saves config. Once this happens SSLv3 is enabled again.If the answer to the above question is "yes", is it possible to repeat the operations with the audit log enabled ("nsslapd-auditlog-logging-enabled: on") and share the audit log (/var/log/dirsrv/slapd-YOURID/audit) with us? Thanks.-- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users-- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Thank you.
On Tue, Jan 20, 2015 at 11:52 AM, Mark Reynolds mareynol@redhat.com wrote:
John,
FYI, I was able to reproduce this, and I opened this ticket:
https://fedorahosted.org/389/ticket/47994
Regards, Mark
On 01/05/2015 10:18 AM, John Trump wrote:
389-ds-base-1.2.11.25-1.el6.x86_64
idm-console-framework-1.1.7-2.el6.noarch
389-ds-console-1.2.6-1.el6.noarch
On Wed, Dec 31, 2014 at 8:49 PM, Noriko Hosoi nhosoi@redhat.com wrote:
Hello,
What is the versions of your server and console? $ rpm -q 389-ds-base idm-console-framework 389-ds-console 389-ds-admin
On 12/30/2014 02:32 PM, John Trump wrote:
Is there a way to permanently disable SSLv3 in directory server? If I modify the dse.ldif file and set nssSSL3
When you made this modification, did you restart the server?
to off this works until an admin goes through the gui and makes a change to the encryption cert and saves config. Once this happens SSLv3 is enabled again.
If the answer to the above question is "yes", is it possible to repeat the operations with the audit log enabled ("nsslapd-auditlog-logging-enabled: on") and share the audit log (/var/log/dirsrv/slapd-YOURID/audit) with us? Thanks.
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org
-
John Trump -
Mark Reynolds -
Noriko Hosoi