I have tried to set this server to clear SecureWorks Vulnerabilities. This warning I do
not understand. I have the following in nss.conf:
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
NSSCipherSuite
+aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_256_sha
# SSL Protocol:
NSSProtocol TLSv1.2
When I execute "openssl s_client -connect 127.0.0.1:636 -tlsv1 (or -tlsv1_1)"
I get a successful response of my certificate, a handshake, and a 0 return code.
SecureWorks reports "SSL/TLS Server supports TLSv1.0 port 636/tcp over SSL"
(LDAP port). What have I done wrong here? Would the syntax
NSSProtocol -ALL +TLSv1.2 work better?
Steven Auerbach
Assistant Director of Information Systems
Information Technology & Security
State University System of Florida
Board of Governors
325 W. Gaines Street
Tallahassee, Florida 32399
(850) 245-9592
www.flbog.edu<http://www.flbog.edu/>