The default enabled ciphers configured by enabling SSL in the RHDS Admin Console contain unsupported ciphers
Issue
- When I use the redhat-idm-console to enable SSL support for a directory server, the ciphers as displayed in the attachment picture are used by default.
- When I look at the LDIF in question which is being used, this is what happens:

  replace: nsSSL3Ciphers
  nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,+tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha

- When I restart the Directory Server using these settings, I get the following string of error messages in the error log:

  [07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza is not available in NSS 3.19. Ignoring fortezza
  [07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza_rc4_128_sha is not available in NSS 3.19. Ignoring fortezza_rc4_128_sha
  [07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza_null is not available in NSS 3.19. Ignoring fortezza_null
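To check a cipher setting against the alerts it produces, the following added example (not part of the original article and not Red Hat's code) unfolds the nsSSL3Ciphers value and cross-references it with the "SSL alert" lines from the error log. The function names are hypothetical, and the sample input is rebuilt from the values quoted above with assumed LDIF fold points.

```python
import re

# Sample input built from the values quoted on this page; the LDIF fold
# points (continuation lines start with one space) are assumed.
LDIF = """\
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+r
 sa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha
 ,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_
 56_sha,+tls_rsa_export1024_with_des_cbc_sha,+tls_rsa_aes_128_sha,+tls_rsa_aes
 _256_sha
"""
LOG = """\
[07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza is not available in NSS 3.19. Ignoring fortezza
[07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza_rc4_128_sha is not available in NSS 3.19. Ignoring fortezza_rc4_128_sha
[07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza_null is not available in NSS 3.19. Ignoring fortezza_null
"""
ALERT = re.compile(r"SSL alert: Cipher suite (\S+) is not available in NSS")


def parse_ciphers(ldif):
    """Return {cipher: enabled} from an nsSSL3Ciphers value, unfolding LDIF first."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # RFC 2849 line folding
    m = re.search(r"^nsSSL3Ciphers:[ \t]*(.*)$", unfolded, re.M | re.I)
    if not m:
        raise ValueError("no nsSSL3Ciphers value found")
    ciphers = {}
    for token in filter(None, (t.strip() for t in m.group(1).split(","))):
        if token[0] not in "+-":
            raise ValueError(f"token without +/- prefix: {token!r}")
        ciphers[token[1:].lower()] = token[0] == "+"
    return ciphers


def audit(ldif, log):
    """Group configured ciphers: ignored by NSS, enabled and not flagged, disabled."""
    ciphers = parse_ciphers(ldif)
    ignored = {m.group(1).lower() for m in ALERT.finditer(log)}
    enabled = [c for c, on in ciphers.items() if on]
    return {
        "unavailable": [c for c in enabled if c in ignored],
        # "remaining" only means no alert was logged for the cipher
        "remaining": [c for c in enabled if c not in ignored],
        "disabled": [c for c, on in ciphers.items() if not on],
    }


if __name__ == "__main__":
    for group, names in audit(LDIF, LOG).items():
        print(f"{group}: {', '.join(names)}")
```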
Environment
- Red Hat Directory Server (RHDS) 10.0
- 389-ds-base-1.3.3.1-20.el7_1