
Re: (ITS#6524) gnutls cipher spec is unclear



matthijs@cacholong.nl wrote:
> Full_Name: Matthijs Mohlmann
> Version: 2.4.21
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (83.163.247.203)
>
>
> Hi,
>
> The manpage about the TLS_CIPHER_SUITE is for gnutls a bit unclear, only an
> example for OpenSSL is provided.
>
> Peter Marschall wrote a patch for this documentation issue.

If Peter wants his patch considered for inclusion in OpenLDAP he should write
to the ITS himself; we cannot accept 3rd party contributions.

> See also:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510346
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563113
>
> Regards,
>
> Matthijs Mohlmann
>
> Patch:
> --- openldap-2.1.21/doc/man/man5/ldap.conf.5
> +++ openldap-2.1.21/doc/man/man5/ldap.conf.5	2010-04-15 08:26:41.000000000
> +0200
> @@ -334,19 +334,37 @@
>   .B TLS_CIPHER_SUITE<cipher-suite-spec>
>   Specifies acceptable cipher suite and preference order.
>   <cipher-suite-spec>  should be a cipher specification for OpenSSL,
> -e.g., HIGH:MEDIUM:+SSLv2.
> +<cipher-suite-spec>  should be a cipher specification for OpenSSL resp. GNUtls.
> +Example:
> +.RS
> +.RS
> +.TP
> +.I OpenSSL:
> +TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2
> +.TP
> +.I GNUtls:
> +TLS_CIPHER_SUITE SECURE256:!AES-128-CBC
> +.RE
>
> -To check what ciphers a given spec selects, use:
> +To check what ciphers a given spec selects in OpenSSL, use:
>
>   .nf
>   	openssl ciphers \-v<cipher-suite-spec>
>   .fi
>
> -To obtain the list of ciphers in GNUtls use:
> +With GNUtls the available specs can be found in the manual page of
> +.BR gnutls\-cli (1)
> +(see the description of the
> +option
> +.BR \-\-priority ).
> +
> +In older versions of GNUtls, where gnutls\-cli does not support the option
> +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by
> calling:
>
>   .nf
> -	gnutls-cli \-l
> +	gnutls\-cli \-l
>   .fi
> +.RE
>   .TP
>   .B TLS_RANDFILE<filename>
>   Specifies the file to obtain random bits from when /dev/[u]random is
>
>
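Review bot: The added line "<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls." sits directly after the unchanged context line "<cipher-suite-spec> should be a cipher specification for OpenSSL,", so the rendered man page would state the sentence twice, with the first copy ending in a dangling comma. The old line should be removed in the same hunk, and "resp." reads better as "or". The two .RS requests are closed by one .RE after the examples and one at the very end of the hunk, which leaves everything from "To check what ciphers a given spec selects in OpenSSL" through the gnutls-cli listing indented one level; please confirm that is intended. The OpenSSL example is carried over with "+SSLv2"; since the hunk rewrites the examples anyway, one that does not reference SSLv2 would be a better model for readers to copy into ldap.conf. Finally, the mailer has wrapped the +++ header ("+0200" on its own line) and the "calling:" line, which has lost its "+" prefix, so the patch will not apply as posted and should be resent as an attachment.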


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/