Christopher Odenbach wrote:
while I was trying to find out why slapd does not use Perfect Forward Secrecy I found bug #7506 from september 2013. The patch has already been applied to the master branch but still cannot be found in any released version since. Why is this so? I would like to see good encryption in OpenLDAP for Debian.
I'm having PFS with OpenLDAP linked against OpenSSL after setting TLSDHParamFile to point to a file generated with "openssl dhparam".
Not sure whether it works with Debian version which is linked against GnuTLS though.
Ciao, Michael.