[Pkg-openldap-devel] Bug#473796: Bug#473796: Bug#473796: TLS fails completely
Quanah Gibson-Mount
quanah at zimbra.com
Mon Jun 30 21:42:15 UTC 2008
--On Monday, June 30, 2008 2:29 PM -0700 Quanah Gibson-Mount
<quanah at zimbra.com> wrote:
> --On Monday, June 30, 2008 2:26 PM -0700 Quanah Gibson-Mount
> <quanah at zimbra.com> wrote:
>
>>>> This suggests to me that the SSF values haven't been properly
>>>> normalized for GNUtls. Doesn't the "128" mean, roughly, a symmetric
>>>> cipher with keylength of 128? Surely the user's "TLSCipherSuite
>>>> TLS_RSA_AES_256_CBC_SHA1" should satisfy this?
>>>
>>> The GnuTLS library is what reports back the SSF value. It may be
>>> worthwhile to discuss with them why their values are so low.
>>
>> Scratch that, it is an OpenLDAP conversion bug. I'll file an ITS on it
>> and report back.
>
> <http://www.openldap.org/its/index.cgi/?findid=5585>
Fixed:
Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap
Modified Files:
tls.c 1.160 -> 1.161
Log Message:
ITS#5585 GnuTLS key strength is in bytes, we expected bits
CVS Web URLs:
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls.c
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the Pkg-openldap-devel
mailing list