[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ssf settings for SASL and TLS
Am Fri, 19 Feb 2016 09:19:28 +0100
schrieb Michael Ströder <michael@stroeder.com>:
> Dieter Klünter wrote:
> > Am Thu, 18 Feb 2016 22:20:16 -0700
> >> Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 ACCEPT from
> >> IP=10.1.10.12:55750 (IP=0.0.0.0:389) Feb 18 22:19:04 baneling
> >> slapd[22171]: conn=1005 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Feb 18
> >> 22:19:04 baneling slapd[22171]: conn=1005 op=0 STARTTLS Feb 18
> >> 22:19:04 baneling slapd[22171]: conn=1005 op=0 RESULT oid= err=0
> >> text= Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 TLS
> >> established tls_ssf=256 ssf=256
> > [...]
> >
> > You still have a overall security ssf=256 and it seems your TLS
> > session used a key length lower than 256 bit, check your TLS
> > configuration.
>
> Dieter, the log lines say: tls_ssf=256
>
> => TLS seems to be ok.
might be, but I think that security strength factor is just a
requirement for a given session, but doesn't say anything about
configured and used ciphers.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E