Peter Boguszewski pboguszewski@library.wisc.edu wrote on 22.10.2014 at
23:08 in message 54481CBA.2080400@library.wisc.edu:
I am running into issues on RHEL 6.x servers (mix of 6.5 and now 6.6) when attempting to disable SSLv3. I have compiled the servers with the --with-tls=openssl option and communication appears to be working well between servers no matter what I have for SSL Protocol. My problems are with the clients.
For client configuration I install the openldap-clients package via yum install. Everything works as expected with this setting on the server side:
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2
As soon as I modify the +SSLv3 to -SSLv3 to this:
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2
the client no longer works. I have tried just about everything I can
Some (older) openssl versions have this feature:
List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS)
So you may disable TLS when trying to disable SSLv3, I guess.
Regards, Ulrich
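
A way to check this on a given host, added here as an example and not part of the original thread: the script expands the two cipher strings quoted above with the local OpenSSL build (through Python's `ssl` module) and counts which suites the `-SSLv3` variant drops, grouped by the protocol label OpenSSL assigns them. The function names `expand` and `dropped` are illustrative, and the result depends on the OpenSSL version Python is linked against.

```python
import ssl
from collections import Counter

# The two olcTLSCipherSuite values quoted in the thread.
WITH_SSLV3 = "HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2"
WITHOUT_SSLV3 = "HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2"


def expand(cipher_string):
    """Return {suite name: protocol label} as the local OpenSSL expands the string.

    The label is the protocol version in which the suite was defined, not the
    protocol version a connection would negotiate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejected the string or it selects no usable suite.
        return {}
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def dropped(before, after):
    """Count suites present in `before` but missing from `after`, per protocol label."""
    return Counter(proto for name, proto in before.items() if name not in after)


if __name__ == "__main__":
    before = expand(WITH_SSLV3)
    after = expand(WITHOUT_SSLV3)
    print(ssl.OPENSSL_VERSION)
    print("suites with +SSLv3:", len(before))
    print("suites with -SSLv3:", len(after))
    for proto, count in sorted(dropped(before, after).items()):
        print(f"dropped by -SSLv3: {count} suite(s) labelled {proto}")
    # Suites that remain are the only ones a client can be offered.
    for name, proto in after.items():
        print(f"remaining: {name} ({proto})")
```

If the client's TLS library offers none of the remaining suites, the handshake fails even though the protocol version itself was never restricted.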