Dieter Kluenter schrieb:
Sebastian Reinhardt snr@lmv-hartmannsdorf.de writes:
Dieter Kluenter schrieb:
Sebastian Reinhardt snr@lmv-hartmannsdorf.de writes:
[...]
In order to find out run openssl ciphers SSLv2 openssl ciphers HIGH openssl ciphers MEDIUM
[...]
Hi Dieter, I get the following output:
lmvserver:~ #openssl ciphers SSLv2 DES-CBC3-MD5:DES-CBC-MD5:EXP-RC2-CBC-MD5:RC2-CBC-MD5:EXP-RC4-MD5:RC4-MD5
lmvserver:~ # openssl ciphers MEDIUM ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5
lmvserver:~ # openssl ciphers HIGH ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:ADH-CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5
So I think, this should work?! SSLv3 is also available. Is it better to use "TLSCipherSuite HIGH:MEDIUM:+SSLv3"?
Just try TLSCipherSuite HIGH If you see any failures try HIGH:MEDIUM
-Dieter
I tried it, here the result:
with "TLSCipherSuite HIGH"
Shutting down ldap-server done Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
with "TLSCipherSuite HIGH:Medium"
Shutting down ldap-server done Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed