[Pkg-openldap-devel] Bug#473796: Bug#473796: Bug#473796: TLS fails completely
Quanah Gibson-Mount
quanah at zimbra.com
Mon Jun 30 21:26:47 UTC 2008
--On Monday, June 30, 2008 2:22 PM -0700 Quanah Gibson-Mount
<quanah at zimbra.com> wrote:
> --On Sunday, June 29, 2008 1:12 AM -0700 Steve Langasek
> <vorlon at debian.org> wrote:
>
>>> I.e., the TLS SSF is 32. So no value > 32 will ever work.
>>
>> This suggests to me that the SSF values haven't been properly normalized
>> for GNUtls. Doesn't the "128" mean, roughly, a symmetric cipher with
>> keylength of 128? Surely the user's "TLSCipherSuite
>> TLS_RSA_AES_256_CBC_SHA1" should satisfy this?
>
> The GnuTLS library is what reports back the SSF value. It may be
> worthwhile to discuss with them why their values are so low.
Scratch that, it is an OpenLDAP conversion bug. I'll file an ITS on it and
report back.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the Pkg-openldap-devel
mailing list