Hello,
The patch implement a feature similar to http://www.postfix.org/postconf.5.html#tls_preempt_cipherlist
Not perfect, not configurable but works here without problems. Andreas
Description: force openssl use the server side cipher preference Author: A. Schulze --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ Index: openldap-2.4.44/libraries/libldap/tls_o.c =================================================================== --- openldap-2.4.44.orig/libraries/libldap/tls_o.c +++ openldap-2.4.44/libraries/libldap/tls_o.c @@ -363,6 +363,8 @@ tlso_ctx_init( struct ldapoptions *lo, s } } #endif + /* maybe some # ifdef are needed */ + SSL_CTX_set_options( ctx, SSL_OP_CIPHER_SERVER_PREFERENCE ); return 0; }
