[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Q: TLS support

Ulrich Windl wrote:
Quanah Gibson-Mount <quanah@zimbra.com> schrieb am 16.07.2013 um 18:08 in
Nachricht <7D4A20353DA988409253CCDE@[]>:
--On Tuesday, July 16, 2013 8:17 AM +0200 Ulrich Windl
<Ulrich.Windl@rz.uni-regensburg.de> wrote:


I have some questions on TLS support in OpenLDAP:

1) How can I find out which cipher suite had been configured (when using
the distribution-supplied version)? From ldd I guess my slapd is using

If specific cipher suites have been configured, it would be in the slapd
configuration.  Otherwise, they'll be negotiated.

The question was: (How) can (if at all) I find out what cipher suite was compiled (linked with) into slapd?

The answer is "there are no cipher suites compiled into slapd."

2) Is the restriction ("This directive is not supported when using
GnuTLS.") on TLSCACertificatePath and GunTLS still effective? I'd like to
use it, but I'm unsure what the cipher suite is.

Why would you want to use an inferior and insecure TLS implementation?

I don't want to use GnuTLS; I wonder whether I can safely use the more flexible TLSCACertificatePath instead of a CA bundle file.

If you're using OpenSSL then a comment specifically about GnuTLS does not apply to you.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/