Emmanuel Dreyfus wrote:
Hi
I tried to use ciphers that bring PFS for OpenLDAP, but it did not work.
I used this cipher specification:
TLSCipherSuite ECDH:DH:!SHA:!MD5:!aNULL:!eNULL
I test it this way:
for i in `openssl ciphers ALL|tr ':' '\n'` ; do
echo ''|openssl s_client -cipher $i
On Thu, 19 Sep 2013, Emmanuel Dreyfus wrote:
I tried to use ciphers that bring PFS for OpenLDAP, but it did not work.
I used this cipher specification:
...
I get nothing. I understand ECDH needs some support code, but why aren't
DH ciphers available?
To point to my answer on the thread 12
On Wed, Sep 18, 2013 at 11:19:27PM -0700, Howard Chu wrote:
Read the slapd.conf(5) or slapd-config(5) manpage. You must
configure the TLSDHParamFile.
Thanks.
Your ciphersuite is wrong anyway. You want DHE, not DH, for PFS.
Either I miss something subtle, or I am right:
$ openssl ciphers
We have a client server that is failing on the ssl handshake using TLS.
The following is from the server log when the client is trying to connect.
Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 fd=28 ACCEPT from
IP=172.17.1.10:55469 (IP=0.0.0.0:389)
Sep 19 09:12:49 tntest-ldap-3
On Thu, 19 Sep 2013, espe...@oreillyauto.com wrote:
We have a client server that is failing on the ssl handshake using TLS.
The following is from the server log when the client is trying to connect.
Sep 19 09:12:49 tntest-ldap-3 slapd[18796]: conn=3534 fd=28 ACCEPT from
IP=172.17.1.10:55469
From: Aaron Richton rich...@nbcs.rutgers.edu
To: espe...@oreillyauto.com
Cc: openldap-technical@openldap.org
Date: 09/19/2013 10:13 AM
Subject: Re: TLS negation failure
On Thu, 19 Sep 2013, espe...@oreillyauto.com wrote:
We have a client server that is failing on the ssl
Emmanuel Dreyfus m...@netbsd.org wrote:
Read the slapd.conf(5) or slapd-config(5) manpage. You must
configure the TLSDHParamFile.
Thanks.
It works fine. I thought I had a problem with MacOS X machines causing
TLS negotiation failed messages, but they also do it without the
change. It seems
Hello,
I'm struggling to setup my Hdb database in OpenLDAP. I'm trying to
create the entire directory from ldif files with cn=config.
I have two initialization ldifs. The first one creates all the
cn=config stuff, and also creates my Hdb database. The first file is
too long to completely list
Quanah,
Thanks for the reply. That ended up being the problem. I figured the
olcAccess line would allow anonymous searches, but I changed it to
* by users read by users write and actually created the
cn=admin,dc=appName,dc=app simpleSecurityObject.
Cheers,
J
On Thu, Sep 19, 2013 at 3:07 PM,