Configure 389ds with "default" cipher suite

nsSSLCiphers: "default" provides only secure ciphers that should be used when connecting to DS https://fedorahosted.org/freeipa/ticket/5684 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2016-03-03 17:39:34 +0100
committer: Martin Basti <mbasti@redhat.com> 2016-03-09 10:04:58 +0100
commit: dd86f83c96961390f756e35496447d6aeae64df6 (patch)
tree: cb743f6370eaa2534d2d505343a702f390cbfc3d /install/updates
parent: abe3abb46699428038cd77f13b814de69fd7d0a2 (diff)
download: freeipa-dd86f83c96961390f756e35496447d6aeae64df6.tar.gz
freeipa-dd86f83c96961390f756e35496447d6aeae64df6.tar.xz
freeipa-dd86f83c96961390f756e35496447d6aeae64df6.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/install/updates/20-sslciphers.update b/install/updates/20-sslciphers.update
index b0c952f49..978a44ba4 100644
--- a/install/updates/20-sslciphers.update
+++ b/install/updates/20-sslciphers.update
@@ -1,6 +1,6 @@
 # change configured ciphers
-# the result of this update will be that all ciphers
-# provided by NSS which ar not weak will be enabled
+# the result of this update will be that default ciphers
+# provided by DS which are not weak will be enabled
 dn: cn=encryption,cn=config
-only:nsSSL3Ciphers: +all
+only:nsSSL3Ciphers: default
 addifnew:allowWeakCipher: off
author	Martin Basti <mbasti@redhat.com>	2016-03-03 17:39:34 +0100
committer	Martin Basti <mbasti@redhat.com>	2016-03-09 10:04:58 +0100
commit	dd86f83c96961390f756e35496447d6aeae64df6 (patch)
tree	cb743f6370eaa2534d2d505343a702f390cbfc3d /install/updates
parent	abe3abb46699428038cd77f13b814de69fd7d0a2 (diff)
download	freeipa-dd86f83c96961390f756e35496447d6aeae64df6.tar.gz freeipa-dd86f83c96961390f756e35496447d6aeae64df6.tar.xz freeipa-dd86f83c96961390f756e35496447d6aeae64df6.zip