[Pkg-gnutls-maint] Bug#464625: please support OpenSSL-compatible ciphher nammes

Steve Langasek vorlon at debian.org
Fri Feb 8 02:13:19 UTC 2008


Source: gnutls26
Versiion: 2.2.1-3
Severity: wishlist

Hi,

With OpenLDAP 2.4, slapd in Debian has switched to GnuTLS.  This has
introduced one regression in terms of config file syntax, because the server
"TLSCipherSuite" option can be used to select which ciphers to allow for
connections, and none of the cipher names are compatible between GnuTLS and
OpenSSL; and furthermore, OpenSSL allowed certain "generic" cipher names as
documented at <http://www.openssl.org/docs/apps/ciphers.html>.

We've decided within the OpenLDAP team that trying to convert these names
ourselves for compatibility would be too onerous, but the suggestion was
brought up that it might be worthwhile if GnuTLS would centrally support
mapping some of these names for backwards-compatibility.  This then is a
wishlist request to that effect.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org





More information about the Pkg-gnutls-maint mailing list