Ulrich Windl wrote:
Quanah Gibson-Mount <quanah@zimbra.com> schrieb am 16.07.2013 um 18:08 inNachricht <7D4A20353DA988409253CCDE@[192.168.1.22]>:--On Tuesday, July 16, 2013 8:17 AM +0200 Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:Hi! I have some questions on TLS support in OpenLDAP: 1) How can I find out which cipher suite had been configured (when using the distribution-supplied version)? From ldd I guess my slapd is using libopenssl0_9_8.If specific cipher suites have been configured, it would be in the slapd configuration. Otherwise, they'll be negotiated.The question was: (How) can (if at all) I find out what cipher suite was compiled (linked with) into slapd?
The answer is "there are no cipher suites compiled into slapd."
2) Is the restriction ("This directive is not supported when using GnuTLS.") on TLSCACertificatePath and GunTLS still effective? I'd like to use it, but I'm unsure what the cipher suite is.Why would you want to use an inferior and insecure TLS implementation?I don't want to use GnuTLS; I wonder whether I can safely use the more flexible TLSCACertificatePath instead of a CA bundle file.
If you're using OpenSSL then a comment specifically about GnuTLS does not apply to you.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/