Marcelo Carvalho via FreeIPA-users wrote:
I have downloaded and used cipherscan
./cipherscan.txt 127.0.0.1
I belie this does it. Correct?
You don't need to scan all the available ciphers unless you want to do that as well. If you just want to verify that the IPA servers have TLS listeners you can run:
for port in 443 636 8443 do openssl s_client -connect `hostname`:$port < /dev/null done
And verify in the output that all three ports had successful connections.
It's still unclear what you're worried about. Are you concerned that someone actively disabled TLS?
rob