[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Perfect Forward Secrecy

To: Howard Chu <hyc@symas.com>, openldap-technical@openldap.org
Subject: Re: Perfect Forward Secrecy
From: Michael StrÃder <michael@stroeder.com>
Date: Fri, 06 Sep 2013 23:33:46 +0200
In-reply-to: <522A35E1.3070606@symas.com>
References: <20130906190606.19563ea6@pink.avci.de> <522A35E1.3070606@symas.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 SeaMonkey/2.20

Howard Chu wrote:
> Dieter KlÃnter wrote:
>> Hi,
>> I wonder whether openldap, if compiled with openssl-1.x, will support
>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>> This issue has been discussed on several mailinglists recently.
> 
> It already does, but you have to use the right cipher suites.
> 
> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595

http://www.openldap.org/doc/admin24/tls.html mentions directive
'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Perfect Forward Secrecy
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Perfect Forward Secrecy
  - From: Howard Chu <hyc@symas.com>
- Antw: Re: Perfect Forward Secrecy
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

References:
- Perfect Forward Secrecy
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: Perfect Forward Secrecy
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Problem pwdChangedTime
Next by Date: {resolved}Re: SyncRepl Chaining
Index(es):
- Chronological
- Thread