forcemerge 541256 648056
thanks
Hi Christophe,
On 08/11/11 09:12 AM, Christophe Ségui wrote:
> Package: slapd
> Version: 2.4.23-7.2
> Openldap refuses to use cipher TLS_RSA_3DES_EDE_CBC_SHA1 when the cipher
> is available to the system.
Starting from version 2.4.14 the meaning of the TLSCipherSuite parameter
changed; see https://bugs.debian.org/510346 for the background on that
change. Now, when openldap is built against GnuTLS, it takes a priority
string, the structure of which is documented here:
http://gnutls.org/manual/html_node/Priority-Strings.html
I believe the setting you want is:
olcTLSCipherSuite: +RSA:+3DES-CBC:+SHA1
In squeeze and later, that setting appears to work for me (based on
output of gnutls-cli -p 636).
I am marking this bug as a duplicate of #541256, which describes the
same issue and discusses the possibility (though I'd argue it's too late
now) of migrating the setting to the newer format on upgrade.
thanks,
Ryan
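
The following is an added example, not part of the original message and not code from OpenLDAP or Debian: a heuristic audit that scans slapd configuration text for TLSCipherSuite values written as bare suite names (as in the report) rather than in GnuTLS priority-string syntax. The keyword list is a subset taken from the GnuTLS manual, the function names are hypothetical, and the sample configuration is constructed.

```python
import re

# Subset of keywords that may open a GnuTLS priority string (GnuTLS manual).
KEYWORDS = {"NONE", "NORMAL", "PERFORMANCE", "SECURE128", "SECURE256", "EXPORT"}
SUITE_NAME = re.compile(r"^TLS_[A-Z0-9_]+$")
# Matches both slapd.conf ("TLSCipherSuite value") and cn=config LDIF
# ("olcTLSCipherSuite: value"); commented-out lines do not match.
DIRECTIVE = re.compile(
    r"^\s*(?:olc)?TLSCipherSuite(?:\s*:\s*|\s+)(\S.*?)\s*$", re.IGNORECASE)

def is_priority_token(token):
    """True for +X / -X / !X modifiers, %OPTION flags, or a known keyword."""
    return (token[0] in "+-!%" and len(token) > 1) or token in KEYWORDS

def classify(value):
    """Heuristically label a TLSCipherSuite value (assumption, not a parser)."""
    tokens = [t for t in re.split(r"[:,\s]+", value.strip()) if t]
    if not tokens:
        return "empty"
    if all(SUITE_NAME.match(t) for t in tokens):
        return "legacy-suite-name"   # e.g. the value from the bug report
    if all(is_priority_token(t) for t in tokens):
        return "priority-string"
    return "unrecognized"            # e.g. OpenSSL-style cipher lists

def audit(config_text):
    """Return (line number, value, label) for every TLSCipherSuite directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            findings.append((lineno, m.group(1), classify(m.group(1))))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
# constructed sample
olcTLSCipherSuite: TLS_RSA_3DES_EDE_CBC_SHA1
olcTLSCipherSuite: +RSA:+3DES-CBC:+SHA1
TLSCipherSuite SECURE128:-VERS-SSL3.0
TLSCipherSuite HIGH:MEDIUM
"""

if __name__ == "__main__":
    for lineno, value, label in audit(SAMPLE):
        print(f"line {lineno}: {label:18} {value}")
```

A value labelled "priority-string" is only syntactically plausible; which suites the server actually offers still has to be confirmed against the running service, for example with gnutls-cli as in the message above.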