https://bugs.openldap.org/show_bug.cgi?id=10403
--- Comment #5 from [email protected] ---

I am uncertain about overlap. It's possible the functionality added in https://bugs.openldap.org/show_bug.cgi?id=10149 could also be done with this addition, but this patch also does much more. It allows direct use of any OpenSSL SSL_CONF directive in the OpenLDAP configuration file. As the SSL_CONF API is extended with new functionality, OpenLDAP gains access to those simply by running against the new libssl.

Some examples:

    TLSOpenSSLConf "Ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256"
    TLSOpenSSLConf "MaxProtocol TLSv1.3"
    TLSOpenSSLConf "Options -SessionTicket"
    TLSOpenSSLConf "Options NoResumptionOnRenegotiation"
    TLSOpenSSLConf "Options -Compression"
    TLSOpenSSLConf "Options -UnsafeLegacyRenegotiation"
    TLSOpenSSLConf "Options -UnsafeLegacyServerConnect"
    TLSOpenSSLConf "SignatureAlgorithms ECDSA+SHA256:ECDSA+SHA384:ed25519:ed448"
    TLSOpenSSLConf "ClientSignatureAlgorithms ECDSA+SHA384:ed25519"
    TLSOpenSSLConf "Groups secp384r1:secp521r1:X25519"

Similarly from PHP:

    ldap_set_option(NULL, LDAP_OPT_X_TLS_OPENSSL_CONF, "SignatureAlgorithms ECDSA+SHA384:ed25519");
