[Date Prev][Date Next] [Chronological] [Thread] [Top]

PFS Ciphers

To: openldap-technical@openldap.org
Subject: PFS Ciphers
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Thu, 19 Sep 2013 07:57:52 +0200
User-agent: MacSOUP/2.7 (unregistered for 2434 days)

Hi

I tried to use ciphers that bring PFS for OpenLDAP, but it did not work.
I used this cipher specification:

TLSCipherSuite ECDH:DH:!SHA:!MD5:!aNULL:!eNULL

I test it this way:
for i in `openssl ciphers ALL|tr ':' '\n'` ; do 
        echo ''|openssl s_client -cipher $i -connect server:636 \
             2>/dev/null |awk  '/  Cipher/{print }' ; 
done

I get nothing. I understand ECDH needs some support code, but why aren't
DH ciphers available? 


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

Follow-Ups:
- Re: PFS Ciphers
  - From: Howard Chu <hyc@symas.com>
- Re: PFS Ciphers
  - From: Philip Guenther <guenther+ldaptech@sendmail.com>

Prev by Date: RE: auditing failed login attempts
Next by Date: Re: PFS Ciphers
Index(es):
- Chronological
- Thread