[Pkg-openldap-devel] Bug#784179: slapd: libnet-ldap-perl fails to communicate with slapd using start_tls for TLSCipherSuite SECURE256

Christian chanlists at googlemail.com
Sun May 3 22:17:21 UTC 2015


On Sun, 3 May 2015 15:05:48 -0700 Ryan Tandy <ryan at nardis.ca> wrote:
> Control: tag -1 confirmed
> 
> On Sun, May 03, 2015 at 11:39:05PM +0200, Christian Ospelkaus wrote:
> >The perl module Net::LDAP in jessie fails to talk to an slapd on jessie using
> >start_tls. Net::LDAP in jessie can, however, talk to an slapd running on
> >wheezy.
> 
> Thanks for the report. I confirm that behaviour and will take a closer 
> look as soon as I can. It looks like it does work if I don't set 
> olcTLSCipherSuite at all, so I wonder if the SECURE256 setting simply 
> has no ciphers in common with Net::LDAP's defaults?

Thanks for the quick reply. Sorry I filed the report using a local email
address. Please use chanlists at googlemail.com.

From the libnet-ldap-perl documentation:

Net::LDAPS will by default use all the algorithms built into your copy
of OpenSSL, except for ones considered to use "low" strength
encryption, and those using export strength encryption. You can
override this when you create the Net::LDAPS object using the
'ciphers' option.

I briefly looked at it, but I could not see how it would select specific
ciphers. Thanks,

Christian
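
Added example, not part of the original message and not code from the Net::LDAP distribution: one way to test the "no ciphers in common" hypothesis from the client side is to repeat start_tls with explicit 'ciphers' strings and print the suite that gets negotiated. The host name, the CA bundle path and the cipher strings tried are assumptions.

```perl
#!/usr/bin/perl
# Added diagnostic example. Host and CA path are placeholders; the cipher
# strings are constructed test values in OpenSSL cipher-list syntax.
use strict;
use warnings;
use Net::LDAP;

my $host   = 'ldap.example.org';                    # placeholder server
my $cafile = '/etc/ssl/certs/ca-certificates.crt';  # assumed CA bundle path

# Client settings to try, from the library defaults to narrower lists.
my @attempts = (
    { label => 'library defaults' },
    { label => 'HIGH only',    ciphers => 'HIGH:!aNULL:!eNULL' },
    { label => 'AES-256 only', ciphers => 'AES256:!aNULL:!eNULL' },
);

for my $try (@attempts) {
    my %opts  = %$try;
    my $label = delete $opts{label};

    # A failed StartTLS leaves the connection unusable, so reconnect each time.
    my $ldap = Net::LDAP->new($host, timeout => 10);
    unless ($ldap) {
        printf "%-18s connect failed: %s\n", $label, $@;
        next;
    }

    # Always verify the server certificate, also while debugging.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile, %opts);
    if ($mesg->code) {
        printf "%-18s FAILED: %s\n", $label, $mesg->error;
    } else {
        # cipher() reports the negotiated suite in OpenSSL's naming.
        printf "%-18s OK: %s\n", $label, $ldap->cipher;
    }
    eval { $ldap->disconnect };   # the socket may already be closed
}
```

If every attempt fails while the same client succeeds against a server with no olcTLSCipherSuite set, the server-side restriction is what excludes the client's offer.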


