On 03/04/2014 17:14, Christina Fu wrote:
Did you try turning on the strictCiphers and FIPS mode?
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_Sy...
Search for the word "strictCiphers" and follow the instructions there.
For nss softtoken you just need to do steps 14, 15, and 16. Stop the
server before you begin and start it after you are done.
Hope this helps,
Christina
On 04/03/2014 08:02 AM, Thibaut Pouzet wrote:
> Hi,
>
> I am currently using pki-ca v9.0.3-32 with FreeIPA v3.0.0.-37 on a
> CentOS 6.5 machine. I am scanning my internal networks in order to
> find vulnerabilities, and trying to fix anything I find. I have found
> that the HTTPS pki-ca administration interfaces listening on ports
> 9444 and 9445 were accepting what might be considered as weak ciphers
> (RC4) for data encryption.
>
> I removed those ciphers from /etc/pki-ca/server.xml, and then
> restarted the daemon, but this had no effect whatsoever on the
> ciphers available on these SSL ports. I searched a bit around
> /etc/pki-ca/ and /var/lib/pki-ca/ but could not find where to make my
> changes in order to disable RC4 ciphers for those administration
> interfaces.
>
> I also searched on the Internet & asked on the IRC channel about this
> issue, with no success, so here I am. Has anyone already found a way
> to do this?
>
> Regards,
>
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
Hi Christina,
I just did the things listed in the documentation you gave me, the only
effect it had was that SSLv3-related ciphers were disabled. I still
have the TLSv1 ciphers using RC4 available obviously.
--
Thibaut Pouzet
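
A check for the situation discussed in this thread, added here as an example (it is not part of the original messages or of pki-ca): after editing /etc/pki-ca/server.xml, list per HTTPS connector which RC4 suites are still marked enabled and whether strictCiphers is set. The sample XML is constructed, and the attribute names ssl2Ciphers/ssl3Ciphers/tlsCiphers and the "+NAME"/"-NAME" list syntax are assumptions about the connector format; only strictCiphers and ports 9444/9445 come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not copied from a real installation. The cipher attribute
# names and the +/- prefix syntax are assumptions about the connector format.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="9180" protocol="HTTP/1.1"/>
    <Connector port="9444" SSLEnabled="true" strictCiphers="true"
               ssl3Ciphers="-SSL3_RSA_WITH_RC4_128_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA"
               tlsCiphers="+TLS_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_RC4_128_SHA"/>
    <Connector port="9445" SSLEnabled="true"
               ssl3Ciphers="+SSL3_RSA_WITH_RC4_128_SHA, -SSL3_RSA_WITH_RC4_128_MD5"
               tlsCiphers="+TLS_ECDHE_RSA_WITH_RC4_128_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>"""

CIPHER_ATTRS = ("ssl2Ciphers", "ssl3Ciphers", "tlsCiphers")


def enabled_ciphers(value):
    """Return the names marked enabled ('+NAME') in a comma-separated list."""
    items = (item.strip() for item in value.split(","))
    return [item[1:] for item in items if item.startswith("+")]


def audit(xml_text, needle="RC4"):
    """Report, per connector carrying cipher lists, the enabled suites matching needle."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if not any(attr in conn.attrib for attr in CIPHER_ATTRS):
            continue  # plain HTTP connector, no cipher configuration
        enabled = {}
        for attr in CIPHER_ATTRS:
            hits = [c for c in enabled_ciphers(conn.get(attr, "")) if needle in c.upper()]
            if hits:
                enabled[attr] = hits
        findings.append({
            "port": conn.get("port"),
            "strictCiphers": conn.get("strictCiphers", "").lower() == "true",
            "enabled": enabled,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SERVER_XML):
        status = "RC4 still enabled" if f["enabled"] else "no RC4 enabled"
        print(f"port {f['port']}: strictCiphers={f['strictCiphers']}, {status}: {f['enabled']}")
```

To run it against a real file, pass the file's contents to audit() instead of the sample. A clean report only describes the configuration file, so the listening ports still need to be rescanned after the restart.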