Jaunty uses a newer libgnutls option. The slapd.conf man page (and slapd-conf man page) still says you can find cipher names for TLSCipherSuite (and olcTLSCipherSuite) by running "gnutls-cli -l" but names output by that command are not accepted as options for TLSCipherSuite. This is a bug in the documentation.
If you look through the libgnutls source code (file gnutls26-2.4.2/lib/gnutls_priority.c function gnutls_priority_init() ) reveals option names. As an example, this syntax is accepted by slapd if you use slapd.conf on Jaunty: TLSCipherSuite SECURE256:SECURE128 but OpenLDAP on Hardy could use TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1:TLS_RSA_ARCFOUR_MD5 and now slapd on Jaunty will not start if you try that despite what the manual page says about TLSCipherSuite accepting ciphers that "gnutls-cli -l" outputs. -- Wrong documentation for TLSCipherSuite https://bugs.launchpad.net/bugs/317401 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs