Hi!
I have some questions on TLS support in OpenLDAP:
1) How can I find out which cipher suite had been configured (when using the distribution-supplied version)? From ldd I guess my slapd is using libopenssl0_9_8.
2) Is the restriction ("This directive is not supported when using GnuTLS.") on TLSCACertificatePath and GnuTLS still effective? I'd like to use it, but I'm unsure what the cipher suite is.
3) Do the CA certificates for TLSCACertificateFile have to have a specific ordering?
Regards, Ulrich
--On Tuesday, July 16, 2013 8:17 AM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
> Hi!
> I have some questions on TLS support in OpenLDAP:
> - How can I find out which cipher suite had been configured (when using the distribution-supplied version)? From ldd I guess my slapd is using libopenssl0_9_8.
If specific cipher suites have been configured, it would be in the slapd configuration. Otherwise, they'll be negotiated.
> - Is the restriction ("This directive is not supported when using GnuTLS.") on TLSCACertificatePath and GnuTLS still effective? I'd like to use it, but I'm unsure what the cipher suite is.
Why would you want to use an inferior and insecure TLS implementation?
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount quanah@zimbra.com wrote on 16.07.2013 at 18:08 in message <7D4A20353DA988409253CCDE@[192.168.1.22]>:
> --On Tuesday, July 16, 2013 8:17 AM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
>> Hi!
>> I have some questions on TLS support in OpenLDAP:
>> - How can I find out which cipher suite had been configured (when using the distribution-supplied version)? From ldd I guess my slapd is using libopenssl0_9_8.
> If specific cipher suites have been configured, it would be in the slapd configuration. Otherwise, they'll be negotiated.
The question was: (How) can (if at all) I find out what cipher suite was compiled (linked with) into slapd?
>> - Is the restriction ("This directive is not supported when using GnuTLS.") on TLSCACertificatePath and GnuTLS still effective? I'd like to use it, but I'm unsure what the cipher suite is.
> Why would you want to use an inferior and insecure TLS implementation?
I don't want to use GnuTLS; I wonder whether I can safely use the more flexible TLSCACertificatePath instead of a CA bundle file.
> --Quanah
> --
> Quanah Gibson-Mount Lead Engineer Zimbra, Inc
> Zimbra :: the leader in open source messaging and collaboration
Ulrich Windl wrote:
> Quanah Gibson-Mount quanah@zimbra.com wrote on 16.07.2013 at 18:08 in message <7D4A20353DA988409253CCDE@[192.168.1.22]>:
>> --On Tuesday, July 16, 2013 8:17 AM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
>>> Hi!
>>> I have some questions on TLS support in OpenLDAP:
>>> - How can I find out which cipher suite had been configured (when using the distribution-supplied version)? From ldd I guess my slapd is using libopenssl0_9_8.
>> If specific cipher suites have been configured, it would be in the slapd configuration. Otherwise, they'll be negotiated.
> The question was: (How) can (if at all) I find out what cipher suite was compiled (linked with) into slapd?
The answer is "there are no cipher suites compiled into slapd."
>>> - Is the restriction ("This directive is not supported when using GnuTLS.") on TLSCACertificatePath and GnuTLS still effective? I'd like to use it, but I'm unsure what the cipher suite is.
>> Why would you want to use an inferior and insecure TLS implementation?
> I don't want to use GnuTLS; I wonder whether I can safely use the more flexible TLSCACertificatePath instead of a CA bundle file.
If you're using OpenSSL then a comment specifically about GnuTLS does not apply to you.
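Added example, not written by anyone in this thread and not part of OpenLDAP: the replies say a cipher restriction lives in the slapd configuration and that the suites are otherwise negotiated, so this script reads a configuration file for `TLSCipherSuite`, expands the cipher string with the `openssl` command-line tool, and checks whether a `TLSCACertificatePath` directory holds the hash-named entries OpenSSL looks up. It assumes a slapd.conf-style file (not cn=config) and an `openssl` binary from the same OpenSSL installation that slapd links against; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example. Assumes a slapd.conf-style file (not cn=config).

# Print the value of the first occurrence of a directive (names are case-insensitive).
directive() {  # usage: directive NAME FILE
    awk -v want="$1" 'tolower($1) == tolower(want) {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$2"
}

# Expand an OpenSSL cipher string into the suites the local openssl build offers.
expand_ciphers() {  # usage: expand_ciphers SPEC
    openssl ciphers -v "$1" | awk '{ print "  " $1, $2 }'
}

report() {  # usage: report FILE
    spec=$(directive TLSCipherSuite "$1")
    if [ -z "$spec" ]; then
        echo "TLSCipherSuite not set: library default list, negotiated per connection"
        spec=DEFAULT
    else
        echo "TLSCipherSuite $spec"
    fi
    if command -v openssl >/dev/null 2>&1; then
        expand_ciphers "$spec"
    fi
    cadir=$(directive TLSCACertificatePath "$1")
    if [ -n "$cadir" ] && [ -d "$cadir" ]; then
        # OpenSSL looks CAs up in this directory by subject-hash names (hhhhhhhh.N)
        n=$(ls "$cadir" | grep -c -E '^[0-9a-f]{8}\.[0-9]+$' || true)
        echo "TLSCACertificatePath $cadir: $n hash-named entries"
    fi
}

# Constructed sample configuration, not taken from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TLSCipherSuite in a comment is ignored
TLSCACertificatePath /etc/ssl/certs
TLSCertificateFile   /etc/openldap/slapd.crt
tlsciphersuite       HIGH:!aNULL:!MD5
EOF
report "$sample"
rm -f "$sample"
```

Point `report` at the real configuration file to see the effective list; a count of 0 hash-named entries means the directory still needs its hash links created (for example with `c_rehash`) before OpenSSL will find any CA in it.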