directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lemp, Dustin" <dl...@jeffco.edu>
Subject Re: Disabling SSLv3 Issues
Date Fri, 24 Feb 2017 13:12:27 GMT
Thank you very much!  I used

olcTLSProtocolMin: 3.2
olcTLSCipherSuite: HIGH:MEDIUM:!ADH:!MD5:!RC4

 And that seems to have fixed my issues!

_______________________________
Dustin Lemp
Systems Analyst
Jefferson College
636-481-3477

On Wed, Feb 22, 2017 at 12:32 AM, Martin Schuster (IFKL IT OS DC CD) <
martin.schuster1@infineon.com> wrote:

> I'm not sure how this is handled by Apache Directory, but usually there
> are 2 different settings you mustn't confuse:
>
> CipherSuite selects the available /ciphers/; there are a lot of "SSL3"
> ciphers that are still okay to use. If you disable all of them, it's
> quite possible that clients can't connect anymore.
> Try "openssl ciphers -v SSLv3" to get a list.
>
> There should also be another setting to control the minimum protocol
> level ("olcTLSProtocolMin" for OpenLDAP, "SSLProtocol" for Apache
> httpd). This allows you to disable e.g. SSLv3 and below, it is the one
> you need to change!
>
> hth, cheers,
> --
> Infineon Technologies IT-Services GmbH     Martin.Schuster1@infineon.com
> Lakeside B05, 9020 Klagenfurt, Austria     Martin Schuster
>          FB: LG Klagenfurt, FN 246787y     +43 5 1777 3517
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message