On Fri, 19 Feb 2016 09:19:28 +0100, Michael Ströder michael@stroeder.com wrote:
Dieter Klünter wrote:
On Thu, 18 Feb 2016 22:20:16 -0700
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 ACCEPT from IP=10.1.10.12:55750 (IP=0.0.0.0:389)
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 op=0 STARTTLS
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 op=0 RESULT oid= err=0 text=
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 TLS established tls_ssf=256 ssf=256
[...]
You still have an overall security ssf=256 and it seems your TLS session used a key length lower than 256 bit, check your TLS configuration.
Dieter, the log lines say: tls_ssf=256
=> TLS seems to be ok.
Might be, but I think that the security strength factor is just a requirement for a given session, but doesn't say anything about configured and used ciphers.
-Dieter
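
Added example, not part of the original thread: a small parser that groups slapd log lines like the ones quoted above by connection and reports the logged tls_ssf/ssf values, flagging connections below a chosen minimum. The function names and the conn=1006/1007 lines are constructed for illustration; the script reads only what slapd logged, and these log lines do not name the negotiated cipher suite.

```python
import re

# conn=1005 lines are the ones quoted in the thread;
# conn=1006 and conn=1007 are constructed sample data.
SAMPLE_LOG = """\
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 ACCEPT from IP=10.1.10.12:55750 (IP=0.0.0.0:389)
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 op=0 STARTTLS
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 op=0 RESULT oid= err=0 text=
Feb 18 22:19:04 baneling slapd[22171]: conn=1005 fd=15 TLS established tls_ssf=256 ssf=256
Feb 18 22:19:09 baneling slapd[22171]: conn=1006 fd=16 ACCEPT from IP=10.1.10.13:40112 (IP=0.0.0.0:389)
Feb 18 22:19:09 baneling slapd[22171]: conn=1006 op=0 STARTTLS
Feb 18 22:19:09 baneling slapd[22171]: conn=1006 fd=16 TLS established tls_ssf=128 ssf=128
Feb 18 22:19:12 baneling slapd[22171]: conn=1007 fd=17 ACCEPT from IP=10.1.10.14:40200 (IP=0.0.0.0:389)
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) ")
ACCEPT = re.compile(r"ACCEPT from IP=(\S+)")
TLS = re.compile(r"TLS established tls_ssf=(\d+) ssf=(\d+)")


def summarize(log_text):
    """Return {conn_id: {peer, starttls, tls_ssf, ssf}} from slapd log text."""
    conns = {}
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # not a per-connection slapd line
        c = conns.setdefault(
            int(m.group(1)),
            {"peer": None, "starttls": False, "tls_ssf": 0, "ssf": 0},
        )
        if (a := ACCEPT.search(line)):
            c["peer"] = a.group(1)
        elif line.rstrip().endswith(" STARTTLS"):
            c["starttls"] = True
        elif (t := TLS.search(line)):
            c["tls_ssf"], c["ssf"] = int(t.group(1)), int(t.group(2))
    return conns


def below_minimum(conns, min_tls_ssf):
    """Connection ids whose logged tls_ssf is under the minimum (0 = no TLS logged)."""
    return sorted(cid for cid, c in conns.items() if c["tls_ssf"] < min_tls_ssf)


if __name__ == "__main__":
    conns = summarize(SAMPLE_LOG)
    for cid in below_minimum(conns, 256):
        print(cid, conns[cid])
```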