Issue 8580 - force openssl use the server side cipher preference
Summary: force openssl use the server side cipher preference
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: 2.5.1
Assignee: Quanah Gibson-Mount
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-03 16:41 UTC by sca@andreasschulze.de
Modified: 2021-02-08 17:52 UTC (History)
0 users

See Also:

Attachments
andreas-schulze-2017-02-03.patch (896 bytes, patch)
2020-03-23 02:18 UTC, Quanah Gibson-Mount 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description sca@andreasschulze.de 2017-02-03 16:41:15 UTC 
Full_Name: Andreas Schulze
Version: RE24
OS: Linux
URL: ftp://ftp.openldap.org/incoming/andreas-schulze-20170203.patch
Submission from: (NULL) (2001:a60:f0b4:e502:758b:b0b2:3fc:f121)


In OpenSSL client and Server may select a cipher.
The patch force the cipher preference is force by the server
and not by the client, which is a openssl default

Let the server select ciphers is best practice for webservers for example.
Comment 1 Quanah Gibson-Mount 2017-03-20 23:32:36 UTC 
moved from Incoming to Software Enhancements
Comment 2 Quanah Gibson-Mount 2020-03-23 02:18:33 UTC 
Created attachment 653 [details]
andreas-schulze-2017-02-03.patch
Comment 4 Quanah Gibson-Mount 2021-01-28 20:59:04 UTC 
Commits: 
  • 61f61904 
by Quanah Gibson-Mount at 2021-01-28T20:22:50+00:00 
ITS#8580 - Explicitly honor the server side cipher suite preference