Me too.. I had some problems recently trying to secure a connection, do not know why but I had to set all of them to 256, lower number gave errors of "..stronger something needed.." taking a look at the logs I saw that most to the connection were "established ssf=256", so, I tried that number and worked out, but hate guessing, and less when security is involved, the man page is clear, but how can I know if I need 65, 112, 128 or whatever?
For what I read about which ssf to use for a specific connection , you have to to use ACL's, I found some examples in the documentation. Bytes.. During Wed, 11 Apr 2007, Matthias Nagl Spat Out: > Date: Wed, 11 Apr 2007 10:57:16 +0200 > From: Matthias Nagl <[EMAIL PROTECTED]> > To: [email protected] > Subject: documentation for security ssf-settings > > > Is there any more comprehensive documentation for the security strength > factors in the security statement than the man-page entry? > > "The minssf=<factor> property specifies the minimum acceptable security > strength factor as an integer approximate to effective key length used for > encryption. 0 (zero) implies no protection, 1 implies integrity protection > only, 56 allows DES or other weak ciphers, 112 allows triple DES and other > strong ciphers, 128 allows RC4, Blowfish and other modern strong ciphers. > The default is 0." > > I am espacially interested which consequences the different ssf-settings > exactly have. What is really checked if I set for example > security transport=x sasl=y tls=z ?? > > Additionally I'd like to know if it is possible to set special > security-settings for localhost-connections as they are always secure and > won't need encryption. > > Thanks > > Matthias > -- *-=> LCP - SAIR Linux Certified Professional <=-* *-=> Powered By FreeBSD 6.2-STABLE - The Power To Serve <=-* *-=> GPG Public Key at http://gnv.us.ks.cryptnet.net <=-* *-=> Telematica S.R.L Telecomunicaciones <=-* *-=> Tel./Fax: (598)2 408 2837 - 4024596 E. Acevedo 1622 <=-* --- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. -- Your monkeys may vary
