upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-07 15:41:24 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#6525 gnutls cipher spec is unclear

Browse source
This commit is contained in:
Gavin Henry 2011-01-06 18:11:46 +00:00
parent 30b3705c9d
commit 632f8d7a23
2 changed files with 44 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
doc/man/man5/ldap.conf.5
View file

@ -334,19 +334,37 @@ it is of critical importance that the key file is protected carefully.
.B TLS_CIPHER_SUITE <cipher-suite-spec>
Specifies acceptable cipher suite and preference order.
<cipher-suite-spec> should be a cipher specification for OpenSSL,
e.g., HIGH:MEDIUM:+SSLv2.
<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
Example:
.RS
.RS
.TP
.I OpenSSL:
TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2
.TP
.I GNUtls:
TLS_CIPHER_SUITE SECURE256:!AES-128-CBC
.RE
To check what ciphers a given spec selects, use:
To check what ciphers a given spec selects in OpenSSL, use:
.nf
openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
With GNUtls the available specs can be found in the manual page of
.BR gnutls\-cli (1)
(see the description of the
option
.BR \-\-priority ).
In older versions of GNUtls, where gnutls\-cli does not support the option
\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
.nf
gnutls-cli \-l
gnutls\-cli \-l
.fi
.RE
.TP
.B TLS_RANDFILE <filename>
Specifies the file to obtain random bits from when /dev/[u]random is

28
doc/man/man5/slapd.conf.5
View file

@ -1029,22 +1029,37 @@ you can specify.
.TP
.B TLSCipherSuite <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
<cipher-suite-spec> should be a cipher specification for OpenSSL. Example:
<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
Example:
.RS
.RS
.TP
.I OpenSSL:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
.TP
.I GNUtls:
TLSCiphersuite SECURE256:!AES-128-CBC
.RE
To check what ciphers a given spec selects, use:
To check what ciphers a given spec selects in OpenSSL, use:
.nf
openssl ciphers \-v <cipher-suite-spec>
.fi
To obtain the list of ciphers in GNUtls use:
With GNUtls the available specs can be found in the manual page of
.BR gnutls\-cli (1)
(see the description of the
option
.BR \-\-priority ).
In older versions of GNUtls, where gnutls\-cli does not support the option
\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
.nf
gnutls-cli \-l
gnutls\-cli \-l
.fi
.RE
.TP
.B TLSCACertificateFile <filename>
Specifies the file that contains certificates for all of the Certificate
@ -1943,6 +1958,7 @@ ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR ldap (3),
.BR gnutls\-cli (1),
.BR slapd\-config (5),
.BR slapd.access (5),
.BR slapd.backends (5),