[Pkg-openldap-devel] Bug#462588: (ITS#5341) Invalid TLSCipherSuite causes hang

Steve Langasek vorlon at debian.org
Tue Jan 29 19:55:24 UTC 2008


On Tue, Jan 29, 2008 at 11:31:43AM -0800, Quanah Gibson-Mount wrote:
> --On Tuesday, January 29, 2008 11:09 AM -0800 Steve Langasek 
> <vorlon at debian.org> wrote:

> > Anyway, the documented syntax for TLSCipherSuite is "$cipher1:$cipher2",
> > not "$cipher1 $cipher2"; but setting such values gives me a hang on
> > startup (which should be investigated).

> Filed upstream:

> <http://www.OpenLDAP.org/its/index.cgi?findid=5341>

Sorry, the description of this ITS is inverted.  It's *valid* ciphersuite
values (i.e., "cipher1:cipher2") that cause the hang; invalid
space-separated values are merely truncated after the first cipher in the
list, which doesn't cause a hang, it just prevents the cipher list from
being useful.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org





More information about the Pkg-openldap-devel mailing list