Hi I tried to use ciphers that bring PFS for OpenLDAP, but it did not work. I used this cipher specification:
TLSCipherSuite ECDH:DH:!SHA:!MD5:!aNULL:!eNULL
I test it this way:
for i in `openssl ciphers ALL|tr ':' '\n'` ; do
echo ''|openssl s_client -cipher $i -connect server:636 \
2>/dev/null |awk '/ Cipher/{print }' ;
done
I get nothing. I understand ECDH needs some support code, but why aren't
DH ciphers available?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
[email protected]
