Did you try turning on the strictCiphers and FIPS mode?
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_Sy...
Search for the word "strictCiphers" and follow the instruction there.
For nss softtoken you just need to do steps 14, 15, and 16. Stop the server
before you begin and start it after you are done.
Hope this helps,
Christina
On 04/03/2014 08:02 AM, Thibaut Pouzet wrote:
Hi,
I am currently using pki-ca v9.0.3-32 with FreeIPA v3.0.0.-37 on a
CentOS 6.5 machine. I am scanning my internal networks in order to
find vulnerabilities, and trying to fix anything I find. I have found
that the HTTPS pki-ca administration interfaces listening on ports
9444 and 9445 were accepting what might be considered as weak ciphers
(RC4) for data encryption.
I removed those ciphers from /etc/pki-ca/server.xml, and then
restarted the daemon, but this had no effect whatsoever on the
ciphers available on these SSL ports. I searched a bit around
/etc/pki-ca/ and /var/lib/pki-ca/ but could not find where to make my
changes in order to disable RC4 ciphers for those administration
interfaces.
I also searched on the Internet & asked on the IRC channel about this
issue, with no success, so here I am. Has anyone already found a way to
do this?
Regards,