[Bug 317401] Re: Wrong documentation for TLSCipherSuite
nutznboltz
kstailey at yahoo.com
Wed Oct 28 20:11:53 GMT 2009
Jaunty uses a newer libgnutls option. The slapd.conf man page (and
slapd-conf man page) still says you can find cipher names for
TLSCipherSuite (and olcTLSCipherSuite) by running "gnutls-cli -l" but
names output by that command are not accepted as options for
TLSCipherSuite. This is a bug in the documentation.
Looking through the libgnutls source code (file
gnutls26-2.4.2/lib/gnutls_priority.c, function gnutls_priority_init())
reveals the option names.
As an example, this syntax is accepted by slapd if you use slapd.conf on
Jaunty:

    TLSCipherSuite SECURE256:SECURE128

but OpenLDAP on Hardy could use

    TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1:TLS_RSA_ARCFOUR_MD5

and now slapd on Jaunty will not start if you try that despite what the
manual page says about TLSCipherSuite accepting ciphers that "gnutls-cli
-l" outputs.
--
Wrong documentation for TLSCipherSuite
https://bugs.launchpad.net/bugs/317401
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.
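
Added example, not part of the original bug comment or of OpenLDAP: a pre-upgrade check that flags TLSCipherSuite / olcTLSCipherSuite values still written as "gnutls-cli -l" style names, which the comment above says stop slapd from starting on Jaunty. It assumes any colon-separated token beginning with TLS_ is such a name; the function name and sample variables are hypothetical.

```shell
#!/bin/sh
# Flag TLSCipherSuite values that use per-cipher-suite names (TLS_...).
# Assumption: a token starting with "TLS_" is a "gnutls-cli -l" style name.
# Other tokens are treated as priority keywords and are NOT validated here.

check_tls_cipher_suite() {
    # Reads slapd.conf or a cn=config LDIF export from the given file(s),
    # or from stdin when no file is given. Returns 1 if any TLS_ name is found.
    awk '
        {
            directive = $1
            sub(/:$/, "", directive)   # LDIF form: "olcTLSCipherSuite: value"
            if (tolower(directive) !~ /^(olc)?tlsciphersuite$/) next
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^TLS_/) {
                    printf "line %d: legacy cipher-suite name %s\n", NR, tok[i]
                    bad = 1
                }
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$@"
}

# Constructed sample inputs, built from the two values quoted in the comment.
hardy_conf='TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1:TLS_RSA_ARCFOUR_MD5'
jaunty_conf='TLSCipherSuite SECURE256:SECURE128'

printf '%s\n' "$hardy_conf" | check_tls_cipher_suite \
    || echo "=> rewrite this value before moving to Jaunty"
printf '%s\n' "$jaunty_conf" | check_tls_cipher_suite \
    && echo "=> no TLS_ names found"
```

Run it against the real file with `check_tls_cipher_suite /etc/ldap/slapd.conf` (path is an assumption; adjust to your installation).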