[Date Prev][Date Next]
Re: documentation for security ssf-settings
Me too.. I had some problems recently trying to secure a connection, do
not know why but I had to set all of them to 256, lower number gave
errors of "..stronger something needed.." taking a look at the logs I
saw that most to the connection were "established ssf=256", so, I tried
that number and worked out, but hate guessing, and less when security is
involved, the man page is clear, but how can I know if I need 65, 112,
128 or whatever?
For what I read about which ssf to use for a specific connection , you
have to to use ACL's, I found some examples in the documentation.
During Wed, 11 Apr 2007, Matthias Nagl Spat Out:
> Date: Wed, 11 Apr 2007 10:57:16 +0200
> From: Matthias Nagl <email@example.com>
> To: firstname.lastname@example.org
> Subject: documentation for security ssf-settings
> Is there any more comprehensive documentation for the security strength
> factors in the security statement than the man-page entry?
> "The minssf=<factor> property specifies the minimum acceptable security
> strength factor as an integer approximate to effective key length used for
> encryption. 0 (zero) implies no protection, 1 implies integrity protection
> only, 56 allows DES or other weak ciphers, 112 allows triple DES and other
> strong ciphers, 128 allows RC4, Blowfish and other modern strong ciphers.
> The default is 0."
> I am espacially interested which consequences the different ssf-settings
> exactly have. What is really checked if I set for example
> security transport=x sasl=y tls=z ??
> Additionally I'd like to know if it is possible to set special
> security-settings for localhost-connections as they are always secure and
> won't need encryption.
*-=> LCP - SAIR Linux Certified Professional <=-*
*-=> Powered By FreeBSD 6.2-STABLE - The Power To Serve <=-*
*-=> GPG Public Key at http://gnv.us.ks.cryptnet.net <=-*
*-=> Telematica S.R.L Telecomunicaciones <=-*
*-=> Tel./Fax: (598)2 408 2837 - 4024596 E. Acevedo 1622 <=-*
This message was checked by forty monkeys and found to not
contain any SPAM whatsoever.
-- Your monkeys may vary