Good evening,
2012/10/8 Tobias Hachmer <lists@kokelnet.de>:
I'm using openldap 2.4.28 on ubuntu server and configured TLS. I want to allow write operations only when ssf=256 is used. (security update_ssf=256)
[...]
- Why is the client connecting with ssf=128?
That's a result of ciphersuite negotiation.
- Can I influence the ssf used by client, if yes, how?
Just allow only 256-bit ciphersuites on the client or the server, or place 256-bit ciphersuites first in the list. Try adding this to your global ldap.conf or local .ldaprc file:
TLS_CIPHER_SUITE AES256
or
TLS_CIPHER_SUITE SECURE256
Depending on the crypto library used (OpenSSL or GNUTLS).
- Maybe a certificate issue?
No. You can do DES (56-bit) or AES256 with the same certificate.
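
To see which clients would be refused by `security update_ssf=256` before enforcing it, the negotiated strength can be read from the server log. The following is an added example, not part of the original message: it assumes slapd is logging at the `stats` level, and the log lines, host name and addresses are constructed samples.

```python
import re

# Constructed sample of slapd "stats"-level log lines (not from the original post).
SAMPLE_LOG = """\
Oct  8 20:01:11 ldap1 slapd[2211]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Oct  8 20:01:11 ldap1 slapd[2211]: conn=1001 fd=14 TLS established tls_ssf=128 ssf=128
Oct  8 20:01:15 ldap1 slapd[2211]: conn=1002 fd=15 ACCEPT from IP=192.0.2.20:40022 (IP=0.0.0.0:389)
Oct  8 20:01:15 ldap1 slapd[2211]: conn=1002 fd=15 TLS established tls_ssf=256 ssf=256
Oct  8 20:01:20 ldap1 slapd[2211]: conn=1003 fd=16 ACCEPT from IP=192.0.2.30:40100 (IP=0.0.0.0:389)
Oct  8 20:01:20 ldap1 slapd[2211]: conn=1003 op=0 BIND dn="cn=app,dc=example,dc=com" method=128
"""

# \S+ is greedy and backtracks to the last colon, so bracketed IPv6 peers also match.
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+\s")
TLS_RE = re.compile(r"conn=(\d+) fd=\d+ TLS established tls_ssf=(\d+) ssf=(\d+)")


def weak_connections(log_text, required_ssf=256):
    """Return [(conn_id, client_ip, ssf)] for connections below required_ssf.

    A connection that was accepted but never logged "TLS established"
    is reported with ssf 0 (no TLS layer seen in the log).
    """
    clients, ssf = {}, {}
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn = int(m.group(1))
            clients[conn] = m.group(2)
            ssf.setdefault(conn, 0)
            continue
        m = TLS_RE.search(line)
        if m:
            ssf[int(m.group(1))] = int(m.group(3))
    return [(c, clients.get(c, "unknown"), s)
            for c, s in sorted(ssf.items()) if s < required_ssf]


if __name__ == "__main__":
    for conn, ip, strength in weak_connections(SAMPLE_LOG):
        print(f"conn={conn} client={ip} ssf={strength} (below 256)")
```

Clients listed here are the ones whose `TLS_CIPHER_SUITE` setting, or the server's own cipher list, needs adjusting as described above.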