Fix: Cannot use SSL3 anymore
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-3c9a52df10
This update has been submitted for testing by mhonek.
This update has been pushed to testing.
works
works for me
The issue seems not to be fixed for the i386 architecture. For the other it works.
openldap-2.4.46-2.fc28.i686
password is 'x'
rootpw x
database bdb
suffix dc=my-domain,dc=com
rootdn "cn=Manager,dc=my-domain,dc=com"
password is 'x'
rootpw {SSHA}tOSmeQCcYIm1S9ujgpg2Km5rpUnR9dRB
directory /var/lib/ldap/
TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
TLSCertificateFile /etc/openldap/cacerts/server.crt
TLSCertificateKeyFile /etc/openldap/cacerts/server.key
TLSCACertificateFile /etc/openldap/cacerts/ca.crt
TLSVerifyClient allow
TLSProtocolMin 3.0 <<<<<<
openssl s_client -connect my-domain.com:636 -CAfile /etc/openldap/cacerts/ca.crt -ssl3
3080775424:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1407:SSL alert number 40
CONNECTED(00000003)
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 66 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1534768521
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
OK, I take it back, all works; the system was not upgraded when I tested.
ldapsearch still works
This update has been submitted for batched by bodhi.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.