I am trying to limit the cipher list for TLS negotiations, but I don't seem to be able to do this.....
... output from -d -1 ...

2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:! aNULL:!NULL:+SHA:+MD5.
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
</-d -1 snip>
Here is all of my TLS data from my slapd.conf:

# SSL
TLSCertificateFile /etc/ldap/certificate.pem
TLSCertificateKeyFile /etc/ldap/private.key
TLSCipherSuite !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA: +MD5
</slapd.conf snip>
OpenLDAP 2.4.7-5 on Debian x86 installed from apt
What did I do wrong? I would swear the cipher list is good, but...

Pat
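An added diagnostic, not part of Pat's post and not OpenLDAP project code. slapd hands TLSCipherSuite straight to the TLS library it was built against, and the two candidate libraries use different syntaxes: OpenSSL takes a cipher list (`HIGH:!aNULL`), GnuTLS takes a priority string (`NORMAL:-VERS-SSL3.0`). Debian's slapd of that era was built against GnuTLS, so an OpenSSL-style list is rejected with exactly "could not set cipher list". Separately, in OpenSSL syntax a leading `!ALL` permanently removes every suite and later `HIGH`/`MEDIUM`/`+...` entries cannot add any back, so the string in the post produces an empty list even on an OpenSSL build. The script below classifies the binary from its `ldd` output, flags strings written in the wrong dialect, and prints a directive in the matching one. The slapd path, the sample `ldd` lines, and the suggested cipher strings are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or the OpenLDAP project).
# Work out which TLS library slapd is linked against and emit a
# TLSCipherSuite line in that library's syntax. The default binary path,
# the sample ldd output used in testing and the suggested strings are all
# assumptions; adjust them to the host in question.

# Read `ldd` output on stdin and print gnutls, openssl or unknown.
# Real use: ldd /usr/sbin/slapd | tls_backend
# libgnutls is checked first so a GnuTLS build wins if both ever appear.
tls_backend() {
    libs=$(cat)
    case "$libs" in
        *libgnutls*) echo gnutls ;;
        *libssl*)    echo openssl ;;
        *)           echo unknown ;;
    esac
}

# Succeed when a string uses keywords that only OpenSSL's cipher-list
# syntax understands (ALL, HIGH, MEDIUM, SSLv3, TLSv1, aNULL ...). A GnuTLS
# build rejects such a string whatever else it contains.
uses_openssl_keywords() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[!+: ])(ALL|HIGH|MEDIUM|LOW|SSLv2|SSLv3|TLSv1|aNULL|eNULL)([:, ]|$)'
}

# Print a TLSCipherSuite line in the syntax the backend expects. Both are
# illustrative starting points, not a recommendation: the OpenSSL list keeps
# HIGH and MEDIUM strength suites and drops anonymous, NULL and SSLv2
# suites; the GnuTLS string starts from NORMAL and removes SSL 3.0 and RC4.
cipher_directive() {
    case "$1" in
        openssl) echo 'TLSCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!SSLv2' ;;
        gnutls)  echo 'TLSCipherSuite NORMAL:-VERS-SSL3.0:-ARCFOUR-128' ;;
        *)       echo "cipher_directive: unknown backend '$1'" >&2; return 1 ;;
    esac
}

# Validate a string with the library's own tool when it is installed.
# Returns 0 if accepted, 1 if rejected, 2 if the tool is missing, so a
# caller can tell "unchecked" from "bad". (gnutls-cli honours --priority
# together with -l in GnuTLS 3.x.)
check_cipher_string() {
    case "$1" in
        openssl) command -v openssl >/dev/null 2>&1 || return 2
                 openssl ciphers "$2" >/dev/null 2>&1 ;;
        gnutls)  command -v gnutls-cli >/dev/null 2>&1 || return 2
                 gnutls-cli --priority "$2" -l >/dev/null 2>&1 ;;
        *)       return 1 ;;
    esac
}

# Tie it together for a real binary: report the backend, flag a current
# cipher string written in the wrong dialect, and print a usable directive.
# Usage: advise /usr/sbin/slapd '!ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5'
advise() {
    slapd=${1:-/usr/sbin/slapd}
    current=$2
    backend=$(ldd "$slapd" | tls_backend)
    echo "$slapd is linked against: $backend"
    if [ "$backend" = gnutls ] && [ -n "$current" ] && uses_openssl_keywords "$current"; then
        echo "current TLSCipherSuite uses OpenSSL cipher-list keywords; GnuTLS will reject it"
    fi
    if [ -n "$current" ]; then
        check_cipher_string "$backend" "$current"
        case $? in
            0) echo "current string is accepted by $backend" ;;
            1) echo "current string is rejected by $backend" ;;
            2) echo "no $backend tool installed to check the current string" ;;
        esac
    fi
    cipher_directive "$backend"
}
```

Run `advise /usr/sbin/slapd '<your TLSCipherSuite value>'` on the server (the path is an assumption; use whatever `which slapd` reports). Once the directive is in the right dialect, `openssl ciphers -v '<list>'` or `gnutls-cli --priority '<string>' -l` shows exactly which suites survive, which is the list you actually want to review before restarting slapd.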