Marcelo Carvalho via FreeIPA-users wrote:
I have downloaded and used cipherscan
./cipherscan.txt 127.0.0.1
I belie this does it. Correct?
You don't need to scan all the available ciphers unless you want to do
that as well. If you just want to verify that the IPA servers have TLS
listeners you can run:
for port in 443 636 8443
do
openssl s_client -connect `hostname`:$port < /dev/null
done
And verify in the output that all three ports had successful connections.
It's still unclear what you're worried about. Are you concerned that
someone actively disabled TLS?
rob