Howard Chu wrote:
> Dieter Klünter wrote:
>> Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS.
>> http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>> This issue has been discussed on several mailing lists recently.
>
> It already does, but you have to use the right cipher suites. Also see ITS #7595
> http://www.openldap.org/its/index.cgi/Incoming?id=7595

http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.

The latter is correct. Can you file a doc bug?

--Quanah

--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
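
An added example, not part of the thread and not OpenLDAP project code: a small audit of a slapd.conf fragment that expands its `TLSCipherSuite` string with the local OpenSSL, lists suites without forward secrecy, and flags the directive name the thread identifies as a documentation error. The sample configuration, its paths, and the function names are constructed for illustration, and the check that DHE suites need `TLSDHParamFile` is an assumption.

```python
import ssl

# Key-exchange labels OpenSSL reports for ephemeral (forward-secret) suites.
FS_KEX = {"kx-ecdhe", "kx-dhe", "kx-ecdhepsk", "kx-dhepsk"}

# Constructed slapd.conf fragment; the file paths are placeholders.
SAMPLE_CONF = """\
TLSCertificateFile /path/to/server.crt
TLSCipherSuite AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256
TLSEphemeralDHParamFile /path/to/dh.pem
"""


def expand(spec):
    """Expand an OpenSSL cipher string with the local library, which may
    support a different set of suites than the one slapd is linked against."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return ctx.get_ciphers()


def forward_secret(cipher):
    # TLS 1.3 suites always use an ephemeral exchange (reported as kx-any).
    return cipher["protocol"] == "TLSv1.3" or cipher["kea"] in FS_KEX


def audit(conf_text):
    directives = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1].strip()
    # Assumption: with no TLSCipherSuite, the library's DEFAULT list applies.
    suites = expand(directives.get("tlsciphersuite", "DEFAULT"))
    uses_dhe = any(c["kea"] == "kx-dhe" for c in suites)
    return {
        "non_fs": [c["name"] for c in suites if not forward_secret(c)],
        # Assumption: DHE suites are unusable without a DH parameter file.
        "dhe_without_params": uses_dhe and "tlsdhparamfile" not in directives,
        # The thread confirms slapd.conf(5)'s TLSDHParamFile is the real name.
        "wrong_directive": "tlsephemeraldhparamfile" in directives,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```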