[email protected] wrote:
> Full_Name: Matthijs Mohlmann
> Version: 2.4.21
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (83.163.247.203)
>
>
> Hi,
>
> The manpage about the TLS_CIPHER_SUITE is for gnutls a bit unclear, only an
> example for OpenSSL is provided.
>
> Peter Marschall wrote a patch for this documentation issue.
If Peter wants his patch considered for inclusion in OpenLDAP he should write to the ITS himself, we cannot accept 3rd party contributions. > See also: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510346 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563113 > > Regards, > > Matthijs Mohlmann > > Patch: > --- openldap-2.1.21/doc/man/man5/ldap.conf.5 > +++ openldap-2.1.21/doc/man/man5/ldap.conf.5 2010-04-15 08:26:41.000000000 > +0200 > @@ -334,19 +334,37 @@ > .B TLS_CIPHER_SUITE<cipher-suite-spec> > Specifies acceptable cipher suite and preference order. > <cipher-suite-spec> should be a cipher specification for OpenSSL, > -e.g., HIGH:MEDIUM:+SSLv2. > +<cipher-suite-spec> should be a cipher specification for OpenSSL resp. > GNUtls. > +Example: > +.RS > +.RS > +.TP > +.I OpenSSL: > +TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2 > +.TP > +.I GNUtls: > +TLS_CIPHER_SUITE SECURE256:!AES-128-CBC > +.RE > > -To check what ciphers a given spec selects, use: > +To check what ciphers a given spec selects in OpenSSL, use: > > .nf > openssl ciphers \-v<cipher-suite-spec> > .fi > > -To obtain the list of ciphers in GNUtls use: > +With GNUtls the available specs can be found in the manual page of > +.BR gnutls\-cli (1) > +(see the description of the > +option > +.BR \-\-priority ). > + > +In older versions of GNUtls, where gnutls\-cli does not support the option > +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by > calling: > > .nf > - gnutls-cli \-l > + gnutls\-cli \-l > .fi > +.RE > .TP > .B TLS_RANDFILE<filename> > Specifies the file to obtain random bits from when /dev/[u]random is > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
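
Review bot: At the top of the hunk the unchanged context line "<cipher-suite-spec> should be a cipher specification for OpenSSL," is kept while a new "<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls." line is added directly after it, so the rendered page would carry the sentence twice, the first copy ending in a dangling comma. The old line should be removed together with the "e.g." line, and "resp." would read better as "or" in an English man page. The OpenSSL example still carries "+SSLv2" from the old text; since this patch rewrites the example anyway, it is worth checking whether a spec that names SSLv2 is what the documentation should recommend. The file headers name openldap-2.1.21 while the report states version 2.4.21, so please confirm which tree the patch was generated against.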
