(ITS#5887) Fix GnuTLS support for TLS_CIPHER_SUITE
Full_Name: Quanah Gibson-Mount
Version: 2.4.13
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510346
Summary from Simon Josefsson:
A proper fix requires co-ordination with the OpenLDAP people. Either
they 1) remove all strange code for parsing ciphers for GnuTLS and only
use gnutls_priority_set_direct on the TLS_CIPHER_SUITE string, or 2)
they introduce a new configuration keyword TLS_PRIORITY that is sent
to GnuTLS's priority functions. Given that TLS_CIPHER_SUITE accepts
OpenSSL strings like 'HIGH:+SSLv2' I believe that matches GnuTLS
priority strings, so I would recommend 1). And improve the
documentation to point at, e.g., gnutls_priority_init(3) or the GnuTLS
manual in the OpenLDAP documentation.
/Simon