On Fri, 06 Nov 2015, Marat Vyshegorodtsev wrote:
Actually, looking at the source code of 389DS it is impossible.
I gave up.
http://fossies.org/linux/389-ds-base/ldap/servers/slapd/ssl.c
(see screenshot)
Only RSA and some mysterious Fortezza are allowed. NSS'
SSL_ConfigSecureServer actually
Actually, looking at the source code of 389DS it is impossible.
I gave up.
http://fossies.org/linux/389-ds-base/ldap/servers/slapd/ssl.c
(see screenshot)
Only RSA and some mysterious Fortezza are allowed. NSS'
SSL_ConfigSecureServer actually does support kt_dh, not sure if it applies
to ECDH
On 11/05/2015 02:39 PM, Marat Vyshegorodtsev wrote:
> Hi!
>
> I've been fighting for the past week with FreeIPA and trying to make
> it work with my own CA certificate that is ECDSA_SHA256.
>
> Even though I somehow fixed /etc/httpd/conf.d/nss.conf to make it work
> (basically added correct NSSCi