Full_Name: Quanah Gibson-Mount
Version: 2.4.47
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.128.44)

Currently OpenLDAP only allows for a single EECDH curve to be configured. However, OpenSSL 1.0.2 released in January 2015 was the first release to implement negotiation of supported curves in TLS servers. OpenLDAP needs updating to support this functionality.
--On Tuesday, July 16, 2019 9:45 PM +0000 quanah@openldap.org wrote:

> Full_Name: Quanah Gibson-Mount
> Version: 2.4.47
> OS: N/A
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (47.208.128.44)
>
>
> Currently OpenLDAP only allows for a single EECDH curve to be configured.
> However, OpenSSL 1.0.2 released in January 2015 was the first release to
> implement negotiation of supported curves in TLS servers. OpenLDAP needs
> updating to support this functionality.

tls_dh.c in postfix/src/tls_dh.c gives some insight into how to correctly do this with OpenSSL, in the tls_auto_eecdh_curves function.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
OL head:
Commits:
• 2386a116 by Howard Chu at 2020-08-21T07:58:07+01:00
  ITS#9054 Add support for multiple EECDH curves
  Requires OpenSSL 1.0.2 or newer
additional in master for slapd:
Commits:
• 650b1404 by Howard Chu at 2020-08-21T20:06:56+01:00
  ITS#9054, #9318 add new TLS options to slapd bindconf
RE24:
• aacec4c8 by Howard Chu at 2020-08-21T22:21:43+00:00
  ITS#9054 Add support for multiple EECDH curves
  Requires OpenSSL 1.0.2 or newer
• a9f42b12 by Howard Chu at 2020-08-21T23:02:11+00:00
  ITS#9054, #9318 add new TLS options to slapd bindconf
  For use with back-ldap/back-meta/syncrepl/etc
head:
Commits:
• 53676779 by Howard Chu at 2020-08-27T11:22:58+01:00
  ITS#9054 fix typo

RE24:
Commits:
• d2139d5c by Howard Chu at 2020-08-27T15:05:46+00:00
  ITS#9054 fix typo
trunk:
Commits:
• d5ed7c50 by Howard Chu at 2020-08-28T11:09:25+01:00
  ITS#9054, #9318 document new TLS options in slapd

RE24:
Commits:
• cfc231a5 by Howard Chu at 2020-08-28T15:27:59+00:00
  ITS#9054, #9318 document new TLS options in slapd