[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7683) Feature request: write TLS prot/cipher to syslog

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7683) Feature request: write TLS prot/cipher to syslog
From: hyc@symas.com
Date: Sat, 7 Sep 2013 19:26:58 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

michael@stroeder.com wrote:
> Full_Name:
> Version: HEAD
> OS:
> URL:
> Submission from: (NULL) (79.219.124.115)
>
>
> For debugging which TLS protocol version and cipher suites were actually
> negotiated with several LDAP clients this information would be written to the
> syslog message.
>
> Current logging:
>
> conn=1000 fd=12 TLS established tls_ssf=256 ssf=256
>
> Suggestion:
>
> conn=1000 fd=12 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.1
> tls_cipher=DHE-RSA-AES256-SHA256
>
>
Added to master. MozNSS version is untested due to absence of PEM support in 
MozNSS. (See https://bugzilla.mozilla.org/show_bug.cgi?id=402712 - whatever 
PEM support that may exist is not of usable quality.)

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#7684) Admin Guide: Correct 'TLSEphemeralDHParamFile' to 'TLSDHParamFile'
Next by Date: Re: (ITS#7669) tool_bind in common.c should be doing conditional assert
Index(es):
- Chronological
- Thread