Re: PFS: ITS#7506 in master but not in release

Christopher Odenbach wrote:

while I was trying to find out why slapd does not use Perfect Forward Secrecy I found bug #7506 from september 2013. The patch has already been applied to the master branch but still cannot be found in any released version since. Why is this so? I would like to see good encryption in OpenLDAP for Debian.

I'm having PFS with OpenLDAP linked against OpenSSL after setting TLSDHParamFile to point to a file generated with "openssl dhparam".

Not sure whether it works with Debian version which is linked against GnuTLS though.

Ciao, Michael.