MetadataProvider SSL errors

Gahring, David A gahringd at palmbeachstate.edu
Tue Jul 17 11:28:20 EDT 2018 

Hi Scott,



I finally got around to trying the cipherSuites option again as you suggested below, and I can't seem to get it to work.  Here are the two I've tried in the ApplicationDefaults tag with no success.  The only thing that I’ve gotten to work is the “tricky” approach using the TransportOption tag.  I’m certainly not an openSSL expert, so I’m probably missing something obvious..?



    <ApplicationDefaults entityID="ourownweb-test"

                         REMOTE_USER="eppn persistent-id targeted-id"

                         cipherSuites="ALL:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SSLv2"

                         attributePrefix="AJP_">



     ---  and this one..  ---



    <ApplicationDefaults entityID="ourownweb-test"

                         REMOTE_USER="eppn persistent-id targeted-id"

                         cipherSuites="AES256-SHA"

                         attributePrefix="AJP_">



If you have a few minutes, could you provide an example so I can see what I might be doing wrong?



Thanks!



______________________________________

David A. Gahring

Systems Consultant - IT Department

Palm Beach State College

4200 Congress Avenue

Lake Worth, FL 33461

Work: 561.868.3320

Cell: 904.742-5407

Email: gahringd at palmbeachstate.edu









On 7/10/18, 5:51 PM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:



    > Adding the following to the MetadataProvider section resolved the issue.



    Note that you can set cipherSuites directly in the configuration now without using tricks like that.



    -- Scott









    --

    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg

    To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net



________________________________

Please note: Due to Florida’s broad open records law, most written communication to or from College employees is public record, available to the public and the media upon request. Therefore, this e-mail communication may be subject to public disclosure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180717/42491103/attachment.html>

More information about the users mailing list