[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation

To: Robert Heller <heller@deepsoft.com>
Subject: Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Fri, 29 Sep 2017 11:18:58 -0700
Cc: brendan kearney <bpk678@gmail.com>, m.wandel@t-online.de, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <WM!f26b3d20dc4f8c720b2d5e762e3833efd00d649e63e2ae2b20ec36e8d82e8db2d23103f71fd30147314266bcf4832784!@mailstronghold-1.zmailcloud.com>
References: <20170928170817.DE268732A40@sharky3.deepsoft.com> <WM!3841d97ef9fe61874abde790669c89cda7491f751a8d1d42d6fedcad23ad03723369227f2cf988e1296a97f7d1455a45!@mailstronghold-2.zmailcloud.com> <3631C46B10C6A6D96C92A6CA@192.168.1.30> <20170928183434.C52377323F2@sharky3.deepsoft.com> <WM!d02d61414b21d1174b6888ab449c4269fa38d934004f76ade936b18cd00ea29eb903d4c22a82e75a76373bb72667b68d!@mailstronghold-3.zmailcloud.com> <5A6DACC51CF6F5156270C77F@192.168.1.30> <20170928194148.9B6D973231B@sharky3.deepsoft.com> <15356c29-f750-6f54-3e08-e5ad268233c9@t-online.de> <CAARxGtjJR5ZFTQd1aCpuPn_dcHdeSVJXxXC=JSRTmL2N7uTyMw@mail.gmail.com> <20170929135940.D4B617321AF@sharky3.deepsoft.com> <CAARxGtjmW9FU5kZqJHXPsUy-mmvtiZ8zcxC8gKyS3WYZdjEXdA@mail.gmail.com> <20170929160717.29C67732141@sharky3.deepsoft.com> <WM!42bd67f9720a65826e770d6d912c9a63fe6bbaf27b7948988128bea2c9709b8a458b6871a6be0263f43e3928fbab6cde!@mailstronghold-3.zmailcloud.com> <CDE48413F5BB32512D3D3002@[192.168.1.30]> <20170929171738.B84A7732293@sharky3.deepsoft.com> <WM!a9e5f8343dae80aabf2b97eaa47d7610007010d4920c179c44c1c3346d0a9afded48b7007ece1ad667266f19a0dbfd50!@mailstronghold-1.zmailcloud.com> <B22FBEBB59ED118C0C60D7D9@[192.168.1.30]> <WM!f26b3d20dc4f8c720b2d5e762e3833efd00d649e63e2ae2b20ec36e8d82e8db2d23103f71fd30147314266bcf4832784!@mailstronghold-1.zmailcloud.com>

--On Friday, September 29, 2017 11:29 AM -0700 Quanah Gibson-Mount<quanah@symas.com> wrote:

--On Friday, September 29, 2017 2:17 PM -0400 Robert Heller
<heller@deepsoft.com> wrote:

    Signature Algorithm: sha1WithRSAEncryption


The above is probably your problem.  I believe MozNSS will no longer
accept SHA1 certs.  This was in the link I sent you yesterday.  Generate
a more secure cert (I.e., SHA256 or higher).


See also: <https://access.redhat.com/blogs/766093/posts/3050871>

where SHA1 is explicitly noted as being phased out.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Robert Heller <heller@deepsoft.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Robert Heller <heller@deepsoft.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Robert Heller <heller@deepsoft.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Michael Wandel <m.wandel@t-online.de>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: brendan kearney <bpk678@gmail.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: brendan kearney <bpk678@gmail.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
Next by Date: Re: Openldap periodic cpu spikes in one of the servers in two node MMR
Index(es):
- Chronological
- Thread