Am Fri, 19 Feb 2016 09:19:28 +0100 schrieb Michael Ströder <[email protected]>:
> Dieter Klünter wrote: > > Am Thu, 18 Feb 2016 22:20:16 -0700 > >> Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 ACCEPT from > >> IP=10.1.10.12:55750 (IP=0.0.0.0:389) Feb 18 22:19:04 baneling > >> slapd[22171]: conn=1005 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Feb 18 > >> 22:19:04 baneling slapd[22171]: conn=1005 op=0 STARTTLS Feb 18 > >> 22:19:04 baneling slapd[22171]: conn=1005 op=0 RESULT oid= err=0 > >> text= Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 TLS > >> established tls_ssf=256 ssf=256 > > [...] > > > > You still have a overall security ssf=256 and it seems your TLS > > session used a key length lower than 256 bit, check your TLS > > configuration. > > Dieter, the log lines say: tls_ssf=256 > > => TLS seems to be ok. might be, but I think that security strength factor is just a requirement for a given session, but doesn't say anything about configured and used ciphers. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
