[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLSVerifyClient => no login possible
Dieter Kluenter schrieb:
> Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:
>
>
>> Dieter Kluenter schrieb:
>>
>>> Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:
>>>
> [...]
>
>>> In order to find out run
>>> openssl ciphers SSLv2
>>> openssl ciphers HIGH
>>> openssl ciphers MEDIUM
>>>
> [...]
>
>> Hi Dieter,
>> I get the following output:
>>
>> lmvserver:~ #openssl ciphers SSLv2
>> DES-CBC3-MD5:DES-CBC-MD5:EXP-RC2-CBC-MD5:RC2-CBC-MD5:EXP-RC4-MD5:RC4-MD5
>>
>> lmvserver:~ # openssl ciphers MEDIUM
>> ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5
>>
>> lmvserver:~ # openssl ciphers HIGH
>> ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:ADH-CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5
>>
>> So I think, this should work?! SSLv3 is also available. Is it better to
>> use "TLSCipherSuite HIGH:MEDIUM:+SSLv3"?
>>
>
> Just try TLSCipherSuite HIGH
> If you see any failures try HIGH:MEDIUM
>
> -Dieter
>
>
>
I tried it, here the result:
with "TLSCipherSuite HIGH"
Shutting down ldap-server done
Starting ldap-serverstartproc: exit status of parent of
/usr/lib/openldap/slapd: 1
failed
with "TLSCipherSuite HIGH:Medium"
Shutting down ldap-server done
Starting ldap-serverstartproc: exit status of parent of
/usr/lib/openldap/slapd: 1
failed
--
Mit freundlichen GrÃÃen
Sebastian Reinhardt