>>> Michael Ströder <[email protected]> wrote on 06.09.2013 at 23:33 in message <[email protected]>:
> Howard Chu wrote:
>> Dieter Klünter wrote:
>>> Hi,
>>> I wonder whether openldap, if compiled with openssl-1.x, will support
>>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>>> This issue has been discussed on several mailing lists recently.
>>
>> It already does, but you have to use the right cipher suites.
>>
>> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
>
> http://www.openldap.org/doc/admin24/tls.html mentions directive
> 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.

Please let me note that 'TLSDHParamFile' is just a terrible identifier. How large is the fine for using underscores like in 'TLS_DH_ParamFile'? ;-)

>
> Ciao, Michael.
