[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: RedHat 6 & 7 disable TLSv1.0
Hello,
regarding this issue there are bugs opened:
https://bugzilla.redhat.com/show_bug.cgi?id=1249092
https://bugzilla.redhat.com/show_bug.cgi?id=1249093
https://bugzilla.redhat.com/show_bug.cgi?id=1375432
For further information, please, contact Red Hat Support.
I think this ITS case may be closed now as it is Red Hat specific.
Regards.
Gaurav Swami <swamigaurav90@gmail.com> writes:
> Hello,
>
> I have Redhat 6 where am trying to disable TLSv1.0 protocol.I have tried
> below configuration
>
> RHEL6
>
> -----------------------------------------
> [root@ldap1 ~]# rpm -qa | grep -we openldap -we openssl -we nss
> krb5-pkinit-openssl-1.10.3-10.el6_4.6.x86_64
> openldap-servers-2.4.40-12.el6.x86_64
> nss-util-3.21.0-2.el6.x86_64
> nss-3.21.0-8.el6.x86_64
> openssl-devel-1.0.1e-48.el6_8.1.x86_64
> openssl-1.0.1e-48.el6_8.1.x86_64
> openldap-clients-2.4.40-12.el6.x86_64
> nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64
> nss-sysinit-3.21.0-8.el6.x86_64
> nss-tools-3.21.0-8.el6.x86_64
> openldap-2.4.40-12.el6.x86_64
>
> nss-softokn-3.14.3-23.3.el6_8.x86_64
> ----------------------------------------------------------------------------
>
> RHEL6 Configuration
>
> ----------------------------------------
> TLSProtocolMin 3.2
> TLSCipherSuite HIGH
> -----------------------------------------
>
> But still when I ran third party tool to check offered protocol am getting
>
> --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
>
> SSLv2 not offered (OK)
> SSLv3 not offered (OK)
> TLS 1 offered
> TLS 1.1 offered
> TLS 1.2 offered (OK)
> SPDY/NPN not offered
>
> --> Testing ~standard cipher lists
>
> TLSv1.0 is still offered ,I want to disable TLSv1.0 also
>
> Any suggestiosn?
>
>
>
> --
> Thanks & Regards,
> **Gaurav Swami**
--
Matus Honek
Associate Software Engineer @ Red Hat, Inc.