[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLSVerifyClient => no login possible

To: openldap-technical@openldap.org
Subject: Re: TLSVerifyClient => no login possible
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Fri, 06 Mar 2009 16:19:51 +0100
In-reply-to: <49B1284A.3050103@lmv-hartmannsdorf.de> (Sebastian Reinhardt's message of "Fri, 06 Mar 2009 14:42:34 +0100")
References: <49A4693D.2040205@lmv-hartmannsdorf.de> <87hc2i5028.fsf@rubin.l4b.de> <49A56823.3080803@lmv-hartmannsdorf.de> <871vtmh15q.fsf@rubin.l4b.de> <49A70157.6050101@lmv-hartmannsdorf.de> <87eixkugwd.fsf@rubin.l4b.de> <49AC5803.4070501@lmv-hartmannsdorf.de> <87ab83ezkz.fsf@rubin.l4b.de> <8763iqg6wl.fsf@rubin.l4b.de> <49B06DAE.8020405@lmv-hartmannsdorf.de> <49B07504.3080506@lmv-hartmannsdorf.de> <87sklr83b7.fsf@rubin.l4b.de> <49B1284A.3050103@lmv-hartmannsdorf.de>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:

> Dieter Kluenter schrieb:
>> Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:
[...]
>> In order to find out run
>> openssl ciphers SSLv2
>> openssl ciphers HIGH
>> openssl ciphers MEDIUM
[...]
> Hi Dieter,
> I get the following output:
>
> lmvserver:~ #openssl ciphers SSLv2
> DES-CBC3-MD5:DES-CBC-MD5:EXP-RC2-CBC-MD5:RC2-CBC-MD5:EXP-RC4-MD5:RC4-MD5
>
> lmvserver:~ # openssl ciphers MEDIUM
> ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5
>
> lmvserver:~ # openssl ciphers HIGH
> ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:ADH-CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5
>
> So I think, this should work?! SSLv3 is also available. Is it better to
> use  "TLSCipherSuite HIGH:MEDIUM:+SSLv3"?

Just try TLSCipherSuite HIGH
If you see any failures try HIGH:MEDIUM

-Dieter


-- 
Dieter KlÃnter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53Â08'09,95"N
10Â08'02,42"E

Follow-Ups:
- Re: TLSVerifyClient => no login possible
  - From: Sebastian Reinhardt <snr@lmv-hartmannsdorf.de>

References:
- Re: TLSVerifyClient => no login possible
  - From: Sebastian Reinhardt <snr@lmv-hartmannsdorf.de>
- Re: TLSVerifyClient => no login possible
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: TLSVerifyClient => no login possible
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: TLSVerifyClient => no login possible
  - From: Sebastian Reinhardt <snr@lmv-hartmannsdorf.de>
- Re: TLSVerifyClient => no login possible
  - From: Sebastian Reinhardt <snr@lmv-hartmannsdorf.de>
- Re: TLSVerifyClient => no login possible
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: TLSVerifyClient => no login possible
  - From: Sebastian Reinhardt <snr@lmv-hartmannsdorf.de>

Prev by Date: Re: openldap client configuration to connect to AD
Next by Date: Re: TLSVerifyClient => no login possible
Index(es):
- Chronological
- Thread