[Pkg-openldap-devel] Bug#648056: Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1
Ryan Tandy
ryan at nardis.ca
Mon Aug 18 03:46:29 UTC 2014
forcemerge 541256 648056
thanks
Hi Christophe,
On 08/11/11 09:12 AM, Christophe Ségui wrote:
> Package: slapd
> Version: 2.4.23-7.2
>
>
> Openldap refuses to use cipher TLS_RSA_3DES_EDE_CBC_SHA1 when the cipher
> is available to the system.

Starting from version 2.4.14 the meaning of the TLSCipherSuite parameter
changed; see https://bugs.debian.org/510346 for the background on that
change. Now, when openldap is built against GnuTLS, it takes a priority
string, the structure of which is documented here:

http://gnutls.org/manual/html_node/Priority-Strings.html

I believe the setting you want is:

olcTLSCipherSuite: +RSA:+3DES-CBC:+SHA1

In squeeze and later, that setting appears to work for me (based on
output of gnutls-cli -p 636).

I am marking this bug as a duplicate of #541256, which describes the
same issue and discusses the possibility (though I'd argue it's too late
now) of migrating the setting to the newer format on upgrade.

thanks,
Ryan
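
An added example, not part of the original message or of the Debian package: a small audit that flags TLSCipherSuite / olcTLSCipherSuite values still written as cipher-suite names (as in the bug title) rather than as GnuTLS priority strings. The function names, the keyword subset and the sample lines are assumptions constructed for illustration; the check is a heuristic and does not ask GnuTLS itself to validate the string.

```python
import re

# Base keywords from the GnuTLS priority-string manual (subset, assumption).
KEYWORDS = {"PERFORMANCE", "NORMAL", "SECURE128", "SECURE192", "SECURE256",
            "EXPORT", "NONE", "PFS", "LEGACY", "SUITEB128", "SUITEB192"}
SUITE_NAME = re.compile(r"^TLS_[A-Z0-9_]+$")   # e.g. TLS_RSA_3DES_EDE_CBC_SHA1
SETTING = re.compile(r"^(olcTLSCipherSuite|TLSCipherSuite)\s*:?\s*(\S.*)$", re.I)

# Constructed sample: one candidate value per setting line. Only the first two
# values appear in the thread; the others are made up for the demonstration.
SAMPLE = """\
olcTLSCipherSuite: TLS_RSA_3DES_EDE_CBC_SHA1
olcTLSCipherSuite: +RSA:+3DES-CBC
 :+SHA1
# slapd.conf style, OpenSSL-like value on the last line
TLSCipherSuite NORMAL
TLSCipherSuite HIGH:MEDIUM
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def classify(value):
    """Return which syntax a cipher-suite setting appears to use."""
    tokens = [t for t in value.strip().split(":") if t]
    if any(SUITE_NAME.match(t) for t in tokens):
        return "legacy-suite-name"      # pre-2.4.14 style, needs rewriting
    if tokens and all(t[0] in "+-!%" or t in KEYWORDS for t in tokens):
        return "priority-string"        # shape expected by a GnuTLS build
    return "unrecognised"               # e.g. OpenSSL-style keywords

def audit(text):
    """Return (attribute, value, verdict) for every cipher-suite setting."""
    findings = []
    for line in unfold(text):
        m = SETTING.match(line.strip())
        if m:
            value = m.group(2).strip()
            findings.append((m.group(1), value, classify(value)))
    return findings

if __name__ == "__main__":
    for attr, value, verdict in audit(SAMPLE):
        print(f"{verdict:18} {attr}: {value}")
```

Values reported as anything other than priority-string are the ones to review by hand after an upgrade, then confirm against the running server with gnutls-cli as described in the message.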