
(ITS#6524) gnutls cipher spec is unclear

Full_Name: Matthijs Mohlmann
Version: 2.4.21
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


The manpage section about TLS_CIPHER_SUITE is a bit unclear for gnutls; only an
example for OpenSSL is provided.

Peter Marschall wrote a patch for this documentation issue.

See also:


Matthijs Mohlmann

--- openldap-2.1.21/doc/man/man5/ldap.conf.5
+++ openldap-2.1.21/doc/man/man5/ldap.conf.5	2010-04-15 08:26:41.000000000
@@ -334,19 +334,37 @@
 .B TLS_CIPHER_SUITE <cipher-suite-spec>
 Specifies acceptable cipher suite and preference order.
 <cipher-suite-spec> should be a cipher specification for OpenSSL,
-e.g., HIGH:MEDIUM:+SSLv2.
+<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
+.I OpenSSL:
+.I GNUtls:
-To check what ciphers a given spec selects, use:
+To check what ciphers a given spec selects in OpenSSL, use:
 	openssl ciphers \-v <cipher-suite-spec>
-To obtain the list of ciphers in GNUtls use:
+With GNUtls the available specs can be found in the manual page of 
+.BR gnutls\-cli (1)
+(see the description of the 
+.BR \-\-priority ).
+In older versions of GNUtls, where gnutls\-cli does not support the option
+\-\-priority, you can obtain the \(em more limited \(em list of ciphers by
-	gnutls-cli \-l
+	gnutls\-cli \-l
 .B TLS_RANDFILE <filename>
 Specifies the file to obtain random bits from when /dev/[u]random is
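
Review bot: the unchanged context line `<cipher-suite-spec> should be a cipher specification for OpenSSL,` at the top of the hunk is kept while the added line restates it as `... for OpenSSL resp. GNUtls.`, so the rendered page would carry the sentence twice, with the first copy ending in a dangling comma; the old line should be a `-` line. In that added line "or" reads better than "resp.", and the library spells its name GnuTLS. The `.I OpenSSL:` and `.I GNUtls:` labels have no example spec after them in the lines shown, while the `HIGH:MEDIUM:+SSLv2` example is removed; each label needs a concrete spec under it, and the OpenSSL one should not carry `+SSLv2` forward. The hunk header announces 19 old and 37 new lines but far fewer are visible, and the file paths say openldap-2.1.21 while the report is filed against 2.4.21, so the patch should be regenerated against the reported version and attached whole.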