
Re: PFS Ciphers



On Wed, Sep 18, 2013 at 11:19:27PM -0700, Howard Chu wrote:
> Read the slapd.conf(5) or slapd-config(5) manpage. You must
> configure the TLSDHParamFile.

Thanks.

> Your ciphersuite is wrong anyway. You want DHE, not DH, for PFS.

Either I miss something subtle, or I am right:

$ openssl ciphers  DH:!SHA:!aNULL|tr ':' '\n' 
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256

$ openssl ciphers  DHE:!SHA:!aNULL|tr ':' '\n'
Error in cipher list

-- 
Emmanuel Dreyfus
manu@netbsd.org
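
Added example, not part of the original message: one way to see which suites in a cipher string's expansion use an ephemeral key exchange is to read the Kx column of `openssl ciphers -v`. The sample lines are constructed, the names `pfs_filter` and `sample_ciphers` are hypothetical, and the OpenSSL 1.0.x column layout is assumed.

```shell
#!/bin/sh
# Label each line of `openssl ciphers -v` output by its key exchange.
# Assumption: OpenSSL 1.0.x layout, where Kx=DH or Kx=ECDH means an
# ephemeral exchange, and a suffix such as Kx=DH/RSA or Kx=ECDH/ECDSA
# means the (EC)DH key is static and taken from the certificate.
# Anonymous suites (Au=None) also show Kx=DH; exclude them with !aNULL.

pfs_filter() {
    awk '{
        kx = ""
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Kx=/) kx = substr($i, 4)
        # Optional "(bits)" covers export-grade entries such as Kx=DH(512).
        if (kx ~ /^(DH|ECDH)(\([0-9]+\))?$/)
            print "PFS", $1
        else
            print "no-PFS", $1
    }'
}

# Constructed sample input in the `openssl ciphers -v` layout.
sample_ciphers() {
    cat <<'EOF'
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
EOF
}

# Against a real build: openssl ciphers -v 'DH:!SHA:!aNULL' | pfs_filter
sample_ciphers | pfs_filter
```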