--On November 10, 2014 at 6:38:18 PM +0100 Christopher Odenbach odenbach@uni-paderborn.de wrote:
On 10.11.2014 at 17:44, Dieter Klünter wrote:
You should probably read GnuTLS Docs on this matter, and this blog for background information.
https://sys4.de/de/blog/2013/09/09/perfect-forward-secrecy-eine-zusammenfassung
I have already read this blog, I know about the dh-params file. The problem I am talking about was in OpenLDAP master until last year, then it was fixed. But this fix has not found its way into the releases yet. I just ask the question why and when we will be able to see it in the releases.
The patch I am talking about:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=622d13a32ec8d623c26a11b60b63e443dc86df99
But even in 2.4.40 the bug is still present (with GnuTLS there are no DH ciphers available).
It will definitely be in OpenLDAP 2.5.x
--Quanah