
Re: Seems I do not understand the ssf entries..... either that or something a bit more strange.



On Thu, 2008-06-12 at 16:49 -0700, Quanah Gibson-Mount wrote:
> 
> --On June 12, 2008 5:01:28 PM -0500 Pat Riehecky <prieheck@iwu.edu> wrote:
> 
> >> From the doc ( http://www.openldap.org/doc/admin24/security.html )
> > -----------------
> > security controls disallow operations when appropriate protections are
> > not in place. For example:
> >
> > security ssf=1 update_ssf=112
> 
> > In an ideal world I would like security update_ssf=128 simple_bind=112
> > to be working (force 3DES or better for a bind, for AES or better for an
> > update), but I will settle for what must I do to make the documented
> > example work for me?
> 
> Build your own OpenLDAP linked against OpenSSL, and use a strong key for 
> generating the cert used by OpenLDAP.
> 
> I also suggest searching the OpenLDAP-devel archives as to why using GnuTLS 
> is considered harmful.


After a rebuild with openssl everything works exactly as expected.

Thanks for the info, I would not have expected that fix, but there it
was!

Pat
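
Added example (not part of the original thread and not OpenLDAP's own code): a simplified Python model of how the `security` factors quoted above gate operations according to the SSF the server reports for a connection. The function names and the sample SSF values are assumptions made for illustration.

```python
# Simplified model of how slapd's `security` directive gates operations.
# Not OpenLDAP source: factor names are the documented ones, the rest is illustrative.
FACTORS = {"ssf", "transport", "tls", "sasl", "update_ssf", "update_transport",
           "update_tls", "update_sasl", "simple_bind"}

def parse_security(line):
    """Parse e.g. 'security ssf=1 update_ssf=112' into {factor: minimum}."""
    words = line.split()
    if not words or words[0] != "security":
        raise ValueError("not a security directive")
    req = {}
    for word in words[1:]:
        name, sep, value = word.partition("=")
        if name not in FACTORS or not sep or not value.isdigit():
            raise ValueError(f"bad factor: {word!r}")
        req[name] = int(value)
    return req

def check(req, op, transport=0, tls=0, sasl=0):
    """Return 'ok' or 'confidentialityRequired' for op in
    {'search', 'update', 'simple_bind'} on a connection with the given SSFs."""
    # The overall SSF is the strongest layer protecting the connection.
    have = {"ssf": max(transport, tls, sasl),
            "transport": transport, "tls": tls, "sasl": sasl}
    needed = {k: req.get(k, 0) for k in have}
    if op == "update":
        # update_* factors raise the bar for write operations only.
        for k in have:
            needed[k] = max(needed[k], req.get("update_" + k, 0))
    elif op == "simple_bind":
        needed["ssf"] = max(needed["ssf"], req.get("simple_bind", 0))
    ok = all(have[k] >= needed[k] for k in have)
    return "ok" if ok else "confidentialityRequired"

def demo():
    doc = parse_security("security ssf=1 update_ssf=112")             # documented example
    wish = parse_security("security update_ssf=128 simple_bind=112")  # poster's goal
    return [
        check(doc, "search"),                 # cleartext connection (constructed)
        check(doc, "search", tls=56),         # weak cipher still passes ssf=1
        check(doc, "update", tls=56),         # but not update_ssf=112
        check(doc, "update", tls=128),
        check(wish, "simple_bind", tls=112),
        check(wish, "update", tls=112),       # below update_ssf=128
        check(wish, "update", tls=256),
    ]
```

The model makes one point visible: the directive is evaluated against the SSF value the server assigns to the connection, so an update is refused whenever that reported value is below `update_ssf`, whatever the client believes it negotiated.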