Hi Kyle,
On Fri, Feb 01, 2008 at 12:15:52AM -0500, Kyle Moffett wrote:
> On Jan 29, 2008 2:55 PM, Steve Langasek <vorlon@debian.org> wrote:
> > On Tue, Jan 29, 2008 at 11:31:43AM -0800, Quanah Gibson-Mount wrote:
> > > --On Tuesday, January 29, 2008 11:09 AM -0800 Steve Langasek <vorlon@debian.org> wrote:
> > > > Anyway, the documented syntax for TLSCipherSuite is "$cipher1:$cipher2", not "$cipher1 $cipher2"; but setting such values gives me a hang on startup (which should be investigated).
> > > Filed upstream: http://www.OpenLDAP.org/its/index.cgi?findid=5341
> > Sorry, the description of this ITS is inverted. It's *valid* ciphersuite values (i.e., "cipher1:cipher2") that cause the hang; invalid space-separated values are merely truncated after the first cipher in the list, which doesn't cause a hang, it just prevents the cipher list from being useful.
> Steve, would you mind testing the patch I posted there? It fixed the problem for me when I wrote it a month or two ago, hopefully it will fix the problem for you too.

Thanks, I can confirm this fixes the problem here. I'm able to set multiple ciphers in a TLSCipherSuite list, and able to connect appropriately with ldapsearch and gnutls-cli after the change.