[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Increase default olcLocalSSF to 128

To: Ryan Tandy <ryan@nardis.ca>, openldap-devel@openldap.org
Subject: Re: Increase default olcLocalSSF to 128
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 26 Jul 2018 08:19:34 +0200
In-reply-to: <20180726024740.3xayjjz7rkqt5tz4@kiwi.nardis.ca>
References: <20180726024740.3xayjjz7rkqt5tz4@kiwi.nardis.ca>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 07/26/2018 04:47 AM, Ryan Tandy wrote:

I propose increasing the default olcLocalSSF to 128. Mentioned initiallyon IRC, now bringing it to the list for completeness and archival.
In typical setups people want to require TLS *or* ldapi, and ssf=128seems like a pretty common olcSecurity setting for current systems.


+1

But why not choosing an even higher value like 256?
I really wonder why it was set to 71.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Increase default olcLocalSSF to 128
  - From: Dieter Klünter <dieter@dkluenter.de>

References:
- Increase default olcLocalSSF to 128
  - From: Ryan Tandy <ryan@nardis.ca>

Prev by Date: Increase default olcLocalSSF to 128
Next by Date: Re: Increase default olcLocalSSF to 128
Index(es):
- Chronological
- Thread