Me too. I had some problems recently trying to secure a connection; I do not know why, but I had to set all of them to 256. Lower numbers gave errors of "..stronger something needed..". Taking a look at the logs, I saw that most of the connections were "established ssf=256", so I tried that number and it worked out, but I hate guessing, even less when security is involved. The man page is clear, but how can I know if I need 65, 112, 128 or whatever?
From what I read about which ssf to use for a specific connection, you have to use ACLs; I found some examples in the documentation.
Bytes..
During Wed, 11 Apr 2007, Matthias Nagl Spat Out:
Date: Wed, 11 Apr 2007 10:57:16 +0200
From: Matthias Nagl openldap-list@mnagl.de
To: openldap-software@openldap.org
Subject: documentation for security ssf-settings
Is there any more comprehensive documentation for the security strength factors in the security statement than the man-page entry?
"The minssf=<factor> property specifies the minimum acceptable security strength factor as an integer approximate to effective key length used for encryption. 0 (zero) implies no protection, 1 implies integrity protection only, 56 allows DES or other weak ciphers, 112 allows triple DES and other strong ciphers, 128 allows RC4, Blowfish and other modern strong ciphers. The default is 0."
I am especially interested in which consequences the different ssf-settings exactly have. What is really checked if I set for example security transport=x sasl=y tls=z ??
Additionally I'd like to know if it is possible to set special security-settings for localhost-connections as they are always secure and won't need encryption.
Thanks
Matthias
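
An added example, not part of either message and not OpenLDAP project code: one way to pick a minimum SSF without guessing is to tally the ssf values slapd logs per connection and see which connections a candidate floor would reject. The log lines are constructed, modelled on slapd's stats-level output (an assumption about the log format), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on slapd "stats" level logging (assumption).
SAMPLE_LOG = """\
conn=1000 fd=12 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:389)
conn=1000 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
conn=1000 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
conn=1001 fd=13 ACCEPT from IP=192.0.2.10:51544 (IP=0.0.0.0:389)
conn=1001 fd=13 TLS established tls_ssf=256 ssf=256
conn=1002 fd=14 ACCEPT from IP=192.0.2.11:51600 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="uid=app,dc=example,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56
conn=1003 fd=15 ACCEPT from IP=192.0.2.12:51700 (IP=0.0.0.0:636)
conn=1003 fd=15 TLS established tls_ssf=128 ssf=128
conn=1004 fd=16 ACCEPT from IP=192.0.2.13:51800 (IP=0.0.0.0:389)
"""

CONN = re.compile(r"\bconn=(\d+)\b")
PEER = re.compile(r"ACCEPT from IP=([0-9a-fA-F.:\[\]]+):\d+ ")
SSF = re.compile(r"(?<![a-z_])ssf=(\d+)")  # overall ssf, not tls_ssf/sasl_ssf


def observed_ssf(log_text):
    """Return {conn_id: {"peer": str, "ssf": int}} with the highest ssf seen."""
    conns = defaultdict(lambda: {"peer": "unknown", "ssf": 0})
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        entry = conns[int(m.group(1))]
        peer = PEER.search(line)
        if peer:
            entry["peer"] = peer.group(1)
        for value in SSF.findall(line):
            entry["ssf"] = max(entry["ssf"], int(value))
    return dict(conns)


def below_floor(conns, floor):
    """Connections whose best observed ssf would not meet a candidate minimum."""
    return {cid: c for cid, c in conns.items() if c["ssf"] < floor}


if __name__ == "__main__":
    conns = observed_ssf(SAMPLE_LOG)
    for floor in (56, 112, 128, 256):
        failing = below_floor(conns, floor)
        print(f"floor {floor}: {len(failing)} of {len(conns)} below ->",
              sorted((cid, c["peer"], c["ssf"]) for cid, c in failing.items()))
```

A connection that never logs an ssf value (conn=1004 in the sample) is counted as ssf=0, so unprotected clients show up in every report.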