[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Perfect Forward Secrecy

--On Friday, September 06, 2013 11:33 PM +0200 Michael StrÃder <michael@stroeder.com> wrote:

Howard Chu wrote:
Dieter KlÃnter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.

It already does, but you have to use the right cipher suites.

Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595

http://www.openldap.org/doc/admin24/tls.html mentions directive
'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.

The latter is correct.  Can you file a doc bug?



Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration