Full_Name: Quanah Gibson-Mount
Version: 2.4.13
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510346
Summary from Simon Josefsson:
A proper fix requires co-ordination with the OpenLDAP people. Either they 1) remove all strange code for parsing ciphers for GnuTLS and only use gnutls_priority_set_direct on the TLS_CIPHER_SUITE string, or 2) they introduce a new configuration keyword TLS_PRIORITY that is sent to GnuTLS's priority functions. Given that TLS_CIPHER_SUITE accepts OpenSSL strings like 'HIGH:+SSLv2' I believe that matches GnuTLS priority strings, so I would recommend 1). And improve the documentation to point at, e.g., gnutls_priority_init(3) or the GnuTLS manual in the OpenLDAP documentation.
/Simon