Me too. I had some problems recently trying to secure a connection. I do
not know why, but I had to set all of them to 256; lower numbers gave
errors of "..stronger something needed..". Taking a look at the logs, I
saw that most of the connections were "established ssf=256", so I tried
that number and it worked out, but I hate guessing, least of all when
security is involved. The man page is clear, but how can I know if I need
65, 112, 128 or whatever?
From what I read about which ssf to use for a specific connection, you
have to use ACLs; I found some examples in the documentation.
During Wed, 11 Apr 2007, Matthias Nagl Spat Out:
Date: Wed, 11 Apr 2007 10:57:16 +0200
From: Matthias Nagl <openldap-list(a)mnagl.de>
Subject: documentation for security ssf-settings
Is there any more comprehensive documentation for the security strength
factors in the security statement than the man-page entry?
"The minssf=<factor> property specifies the minimum acceptable security
strength factor as an integer approximate to effective key length used for
encryption. 0 (zero) implies no protection, 1 implies integrity protection
only, 56 allows DES or other weak ciphers, 112 allows triple DES and other
strong ciphers, 128 allows RC4, Blowfish and other modern strong ciphers.
The default is 0."
I am especially interested in which consequences the different ssf-settings
exactly have. What is really checked if I set for example
security transport=x sasl=y tls=z ??
Additionally I'd like to know if it is possible to set special
security-settings for localhost-connections as they are always secure and
won't need encryption.
*-=> LCP - SAIR Linux Certified Professional <=-*
*-=> Powered By FreeBSD 6.2-STABLE - The Power To Serve <=-*
*-=> GPG Public Key at http://gnv.us.ks.cryptnet.net
*-=> Telematica S.R.L Telecomunicaciones <=-*
*-=> Tel./Fax: (598)2 408 2837 - 4024596 E. Acevedo 1622 <=-*
This message was checked by forty monkeys and found to not
contain any SPAM whatsoever.
-- Your monkeys may vary
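
The check that "security transport=x sasl=y tls=z" describes, modelled as an added example (not part of either e-mail and not OpenLDAP code): each factor named in the statement is a minimum for the matching layer of the connection. The function names and sample ssf values are constructed, and the overall ssf is assumed to be the largest of the three per-layer values.

```python
# Simplified model of a slapd "security" statement (illustration only).
# Factor names follow the statement quoted in the thread; everything else
# here (function names, sample values) is constructed for the example.
FACTORS = ("ssf", "transport", "tls", "sasl")


def parse_security(directive):
    """Parse 'security tls=128 sasl=56' into {factor: required minimum}."""
    words = directive.split()
    if not words or words[0] != "security":
        raise ValueError("not a security statement")
    required = {}
    for word in words[1:]:
        name, sep, value = word.partition("=")
        if not sep or name not in FACTORS or not value.isdigit():
            raise ValueError(f"unsupported factor: {word!r}")
        required[name] = int(value)
    return required


def check(directive, transport=0, tls=0, sasl=0):
    """Return the unmet requirements for one connection (empty list = accepted)."""
    measured = {"transport": transport, "tls": tls, "sasl": sasl}
    # Assumption: the overall ssf is the strongest of the per-layer values.
    measured["ssf"] = max(transport, tls, sasl)
    return [
        f"{name}: have {measured[name]}, need {minimum}"
        for name, minimum in parse_security(directive).items()
        if measured[name] < minimum
    ]


if __name__ == "__main__":
    # Constructed sample connections: (label, per-layer ssf values).
    samples = [
        ("cleartext TCP", {}),
        ("TLS, 256-bit cipher", {"tls": 256}),
        ("TLS, 128-bit cipher", {"tls": 128}),
        ("SASL layer only, ssf 56", {"sasl": 56}),
    ]
    for directive in ("security ssf=128", "security tls=128 sasl=56"):
        print(directive)
        for label, layers in samples:
            unmet = check(directive, **layers)
            print(f"  {label:26} -> {'accepted' if not unmet else unmet}")
```
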