Old 03-03-2011, 09:44 AM
Gerrard Geldenhuis
 
Ciphers persistent after restart

Did a little bit more digging,

After restart
~~~~~~~~~~~~~
nsSSL3Ciphers: +rsa_rc4_128_md5,+rsa_3des_sha,-fortezza_null,-rsa_null_md5,-fortezza,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_des_sha,+fortezza_rc4_128_sha,-tls_rsa_export1024_with_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha


audit log
~~~~~~~~~
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,-rsa_rc4_40_md5,-fips_des_sha,+fips_3des_sha,-rsa_des_sha,-rsa_null_md5

Original
~~~~~~~~
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha

From this I would conclude that the UI is doing its own thing... there are a lot of other changes that get applied as well when you make cipher changes in the UI. This would seem unnecessary at best and potentially problematic at worst.

Regards


> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-
> bounces@lists.fedoraproject.org] On Behalf Of Gerrard Geldenhuis
> Sent: 03 March 2011 10:07
> To: General discussion list for the 389 Directory server project. (389-
> users@lists.fedoraproject.org)
> Subject: [389-users] Ciphers persistent after restart
>
> Hi
> Unfortunately I am stuck with a slightly older version of 389 at the moment
> so if this is fixed in a later version then great, otherwise I include the details
> to try and reproduce.
>
> Versions:
> 389-admin-1.1.11-1.el5
> 389-admin-console-1.1.5-1.el5
> 389-admin-console-doc-1.1.5-1.el5
> 389-adminutil-1.1.8-4.el5
> 389-console-1.1.4-1.el5
> 389-ds-1.2.1-1.el5
> 389-ds-base-1.2.6.1-2.el5
> 389-ds-console-1.2.3-1.el5
> 389-ds-console-doc-1.2.3-1.el5
> 389-dsgw-1.1.5-1.el5
>
> Problem:
> Open admin console
> Select Encryption tab and then click on settings button.
> Select TLS tab and remove (uncheck) all ciphers below 128bits level
> Click Ok, and save
> Exit admin console
> Restart admin server
>
> Log into admin console again.
> The unchecked ciphers removed a moment ago are checked again...
>
> Monitoring the audit log does show that changes are being made, I need to
> go through it with a fine tooth comb though.
>
> Any thoughts on why this is happening, a bug, a feature to protect against
> dumb users maybe?
>
> Regards
>
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
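
The comparison the post makes by eye, as an added example (not part of the original thread and not 389 Directory Server code): it parses the three nsSSL3Ciphers values quoted above, lists enabled ciphers below 128 bits, and shows which cipher names the console's write and the post-restart entry do not share. The key-size heuristic and all function names are assumptions of this example.

```python
import re

# Values copied from the three dumps in the post; wrapped to show folding is tolerated.
ORIGINAL = """nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+f
ortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_
rsa_export1024_with_des_cbc_sha"""
AUDIT_WRITE = """nsSSL3Ciphers: -rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,-rsa_rc4_40_md5,
-fips_des_sha,+fips_3des_sha,-rsa_des_sha,-rsa_null_md5"""
AFTER_RESTART = """nsSSL3Ciphers: +rsa_rc4_128_md5,+rsa_3des_sha,-fortezza_null,-rsa_null_md5,-fo
rtezza,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_des_sha,+fortezza_rc4_128_sha,-t
ls_rsa_export1024_with_rc4_56_sha,-tls_rsa_export1024_with_des_cbc_sha"""

def parse_ciphers(value):
    """Return {cipher_name: enabled} from a +name,-name list, undoing line wraps."""
    body = re.sub(r"\s+", "", value.split(":", 1)[-1])
    state = {}
    for token in filter(None, body.split(",")):
        if token[0] not in "+-":
            raise ValueError(f"cipher token without +/- prefix: {token!r}")
        state[token[1:]] = token[0] == "+"
    return state

def key_bits(name):
    """Nominal key size guessed from the cipher name (heuristic assumed by this example)."""
    if "null" in name:
        return 0
    m = re.search(r"_(40|56|128)_", name)
    if m:
        return int(m.group(1))
    if "3des" in name:
        return 168
    if "des" in name:
        return 56
    return 80 if name == "fortezza" else 0  # unknown names are treated as weak

def weak_enabled(state, min_bits=128):
    return sorted(n for n, on in state.items() if on and key_bits(n) < min_bits)

def drift(written, actual):
    """Compare what a modify operation wrote with what the entry holds afterwards."""
    return {
        "flipped": sorted(n for n in written.keys() & actual.keys() if written[n] != actual[n]),
        "dropped": sorted(written.keys() - actual.keys()),
        "not_written": sorted(actual.keys() - written.keys()),
    }

if __name__ == "__main__":
    for label, raw in (("original", ORIGINAL), ("audit", AUDIT_WRITE), ("restart", AFTER_RESTART)):
        print(label, "weak enabled:", weak_enabled(parse_ciphers(raw)))
```

An empty `flipped` list together with non-empty `dropped` and `not_written` lists means no cipher changed state, but the attribute found after the restart carries a different set of names from the one recorded in the audit log.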

Old 03-03-2011, 10:54 AM
Gerrard Geldenhuis
 
Ciphers persistent after restart

Sorry for the noise, this appears to be related to or exactly the same as described in
https://bugzilla.redhat.com/show_bug.cgi?id=151705

Regards

All times are GMT. The time now is 02:53 AM.
