https://bugs.openldap.org/show_bug.cgi?id=10181

--- Comment #2 from [email protected] ---
I'm afraid I don't understand your reasoning.  There are configurations for
setting the certificate/key, the cipher suites, DH parameters, and the min/max
protocol versions in OpenLDAP. Allowed groups/curves and signature algorithms
are as much a part of the TLS setup as those settings, and are provided by many
other software packages I've used.

While it's possible to configure all of those things globally in openssl.cnf,
they can't be configured per service there unless those services are explicitly
loading a section with a particular name when they initialize OpenSSL.  Since I
don't see OpenLDAP using that OpenSSL API, I am guessing it doesn't do that,
making it impossible to set groups/curves and sigalgs for ldap without
affecting the entire system.

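Added example, not part of the original comment and not OpenLDAP's own configuration: an openssl.cnf sketch of the distinction the comment draws between system-wide defaults and a named per-service section. The section name `ldap_service` is hypothetical, and the group and signature-algorithm lists are constructed sample values.

```ini
# openssl.cnf (constructed example)
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
# Applied to every SSL_CTX created by programs that load this file,
# so anything set here changes TLS behaviour system-wide.
system_default = system_default_sect

# Hypothetical per-service entry. It is ignored unless the program
# explicitly requests it by name, e.g. SSL_CTX_config(ctx, "ldap_service").
ldap_service = ldap_service_sect

[system_default_sect]
MinProtocol = TLSv1.2

[ldap_service_sect]
MinProtocol = TLSv1.2
# Allowed key-exchange groups/curves, in preference order.
Groups = X25519:P-256:P-384
# Allowed signature algorithms, in preference order.
SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256
```

Moving `Groups` and `SignatureAlgorithms` into `[system_default_sect]` is the only way to make them apply to a program that never requests a named section, and that placement affects every other TLS consumer of the same file.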