• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • UC Berkeley
  • Berkeley Engineering
  • EECS

Header Search Widget

IRIS

Instructional & Research Information Systems

  • About Us
  • Get Started
  • Get Help
  • FAQ
    • FAQ: Accounts
    • FAQ: EECS Slack
    • FAQ: File Storage
    • FAQ: Hardware
    • FAQ: MacOS
    • FAQ: Mail
    • FAQ: Mailing Lists
    • FAQ: Network
    • FAQ: Security
    • FAQ: Unix
    • FAQ: Web
    • FAQ: Windows
  • Services
    • Accounts
    • Backups
    • E-mail
    • EECS Login Servers
    • File Storage
    • Infrastructure
    • Mailing Lists
    • Network
    • Printing
    • Room Reservations
    • Security
    • Software
    • Unix
    • Web
  • Policies
  • Forms
    • System Registration/Update
    • Account Request Form
    • Network Problem Report
    • SSL Certificate Request
    • All Other Forms
  • Rates

LDAP SSL/TLS changes

February 19, 2019 by Rob McNicholas

At this time, the department LDAP server ldap.eecs.berkeley.edu (aka ldap.cs.berkeley.edu) accepts implicit SSLv3 and TLS 1.0, 1.1 and 1.2 connections on port 636, and allow STARTTLS negotiation for the same protocols on port 389.

Beginning Tuesday, February 19th 2019 at 8am, our LDAP servers will no longer accept SSLv3 or TLSv1.0 connections. All clients must use TLS v1.1 or v1.2.

Please send any questions or problem reports to help@eecs.berkeley.edu.

UPDATE

[2019-02-19 11:05:37 | Rob McNicholas]

The IRIS LDAP servers behind ldap.eecs.berkeley.edu now only accept TLS 1.1 or 1.2 connections with strong ciphers. Here is a list of supported protocols and ciphers.

* tls1_1: AES256-SHA
* tls1_1: CAMELLIA256-SHA
* tls1_1: AES128-SHA
* tls1_1: SEED-SHA
* tls1_1: CAMELLIA128-SHA
* tls1_1: DES-CBC3-SHA
* tls1_1: IDEA-CBC-SHA
* tls1_1: RC4-SHA
* tls1_1: RC4-MD5
* tls1_2: AES256-GCM-SHA384
* tls1_2: AES256-SHA256
* tls1_2: AES256-SHA
* tls1_2: CAMELLIA256-SHA
* tls1_2: AES128-GCM-SHA256
* tls1_2: AES128-SHA256
* tls1_2: AES128-SHA
* tls1_2: SEED-SHA
* tls1_2: CAMELLIA128-SHA
* tls1_2: DES-CBC3-SHA
* tls1_2: IDEA-CBC-SHA
* tls1_2: RC4-SHA
* tls1_2: RC4-MD5

Resolved as of 2019-02-19 11:03:00

Filed Under: Resolved Incidents Services: LDAP

Primary Sidebar

IRIS Service Status

Green
We have 0 Active Incidents, and 0 Scheduled Maintenances noted.

IST Service Status

Outages to campus services are listed at berkeley.statusdashboard.com.

Recent Highlights

IT Support During Winter 2022 Energy Curtailment

December 7, 2022 by Lars Rohrbach

Upcoming Change to EECS Firewall Handling of SSH

September 22, 2022 by Lars Rohrbach

  • About
  • Contact
  • PRIVACY
  • ACCESSIBILITY
  • NONDISCRIMINATION

© 2022–2023 UC Regents  |  Log in