[Date Prev][Date Next] [Chronological] [Thread] [Top]

documentation for security ssf-settings

To: openldap-software@openldap.org
Subject: documentation for security ssf-settings
From: Matthias Nagl <openldap-list@mnagl.de>
Date: Wed, 11 Apr 2007 10:57:16 +0200
Content-disposition: inline
User-agent: KMail/1.9.5

Is there any more comprehensive documentation for the security strength 
factors in the security statement than the man-page entry?

"The minssf=<factor> property specifies the minimum acceptable security 
strength factor as an integer approximate to effective key length used for 
encryption.   0  (zero) implies no protection, 1 implies integrity protection 
only, 56 allows DES or other weak ciphers, 112 allows triple DES and other 
strong ciphers, 128 allows RC4, Blowfish and other modern strong ciphers.  
The default is 0."

I am espacially interested which consequences the different ssf-settings 
exactly have. What is really checked if I set for example
security transport=x sasl=y tls=z ??

Additionally I'd like to know if it is possible to set special 
security-settings for localhost-connections as they are always secure and 
won't need encryption.

Thanks

Matthias

Follow-Ups:
- Re: documentation for security ssf-settings
  - From: netwarrior863@gmail.com

Prev by Date: Re: TLS/SSL problem - unsupported certificate
Next by Date: RE: Ldapsearch on multiple attributes
Index(es):
- Chronological
- Thread