Emmanuel Dreyfus wrote:
Hi
I tried to use ciphers that bring PFS for OpenLDAP, but it did not work.
I used this cipher specification:
TLSCipherSuite ECDH:DH:!SHA:!MD5:!aNULL:!eNULL
I test it this way:
for i in `openssl ciphers ALL|tr ':' '\n'` ; do
echo ''|openssl s_client -cipher $i -connect server:636 \
On Thu, 19 Sep 2013, Emmanuel Dreyfus wrote:
I tried to use ciphers that bring PFS for OpenLDAP, but it did not work.
I used this cipher specification:
...
I get nothing. I understand ECDH needs some support code, but why aren't
DH ciphers available?
To point to my answer on the thread 12
On Wed, Sep 18, 2013 at 11:19:27PM -0700, Howard Chu wrote:
Read the slapd.conf(5) or slapd-config(5) manpage. You must
configure the TLSDHParamFile.
Thanks.
Your ciphersuite is wrong anyway. You want DHE, not DH, for PFS.
Either I miss something subtle, or I am right:
$ openssl ciphers
Emmanuel Dreyfus m...@netbsd.org wrote:
Read the slapd.conf(5) or slapd-config(5) manpage. You must
configure the TLSDHParamFile.
Thanks.
It works fine. I thought I had a problem with MacOS X machines causing
TLS negotiation failed messages, but they also do it without the
change. It seems