Selecting TLS Cipher problem

I am trying to limit the cipher list for TLS negotiations, but I don't
seem to be able to do this.....

... output from -d -1.... (objectIdentifierMatch): matchingRuleUse: ( NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension
$ supportedFeatures $ supportedApplicationContext ) )
TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
</-d -1 snip>

Here is all of my TLS data from my slapd.conf
TLSCertificateFile /etc/ldap/certificate.pem
TLSCertificateKeyFile /etc/ldap/private.key
</slapd.conf snip>

OpenLDAP 2.4.7-5 on Debian x86 installed from apt

What did I do wrong?  I would swear the cipher list is good, but....
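
Added example (not part of the original post): a Python check that feeds the cipher string from the log above to OpenSSL one token at a time, showing at which point the string stops yielding a usable list. It assumes slapd is linked against OpenSSL, whose SSL_CTX_set_cipher_list() is the same call Python's ssl module wraps; the function names and the comparison string are made up for illustration.

```python
import ssl


def try_cipher_string(spec):
    """Return (True, [cipher names]) or (False, error text) for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)  # wraps OpenSSL's SSL_CTX_set_cipher_list()
    except ssl.SSLError as exc:
        return False, str(exc)
    # TLS 1.3 suites are configured separately from this string, so leave them out.
    names = [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    return True, names


def walk(spec):
    """Apply the string token by token; return (prefix, accepted, cipher count) rows."""
    tokens = spec.split(":")
    rows = []
    for i in range(1, len(tokens) + 1):
        prefix = ":".join(tokens[:i])
        ok, detail = try_cipher_string(prefix)
        rows.append((prefix, ok, len(detail) if ok else 0))
    return rows


# Cipher string copied from the "could not set cipher list" log line in the post.
# In OpenSSL syntax "!" deletes the matched ciphers permanently, so tokens that
# follow "!ALL" cannot add anything back.
POSTED = "!ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!"

# Constructed comparison string (an assumption, not from the post).
CONSTRUCTED = "HIGH:MEDIUM:!aNULL:!eNULL"

if __name__ == "__main__":
    for spec in (POSTED, CONSTRUCTED):
        print(spec)
        for prefix, ok, count in walk(spec):
            status = "ok  " if ok else "FAIL"
            print(f"  {status} {count:3d}  {prefix}")
```

A slapd build linked against a different TLS library parses the cipher option with that library's own syntax, so this check would not apply to it.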