Re: ITS#4354 syncrepl over sasl external tls fails
hyc@symas.com wrote:
> This looks like an unforeseen side-effect of the ITS#4017 fix that went
> into 2.3.12. Now that we support the Diffie-Hellman handshakes, you will
> get the Anonymous Diffie-Hellman (ADH) exchanges when you enable HIGH in
> your cipher suites. In ADH no certificates are exchanged, so any attempt
> to use them (e.g., SASL EXTERNAL) will fail. You need to add "!ADH" to
> your cipher suite specification to prevent this problem from occurring.
>
This is now fixed in CVS HEAD; we now will not enable Diffie-Hellman key
exchanges unless the DH parameter file is explicitly configured.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
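
Added example, not part of the original message or of OpenLDAP's code: a shell check that reads `openssl ciphers -v` output and reports suites with no certificate authentication (Au=None, which covers the ADH suites discussed above). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Print the names of suites that authenticate no one (Au=None), e.g. ADH-*.
# Input: `openssl ciphers -v` style listing on stdin.
anon_suites() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "Au=None") { print $1; break }
    }'
}

# Exit status 0 when the listing holds no anonymous suite, 1 otherwise.
# Certificate-based logins such as SASL EXTERNAL need status 0.
spec_is_cert_safe() {
    [ -z "$(anon_suites)" ]
}

# Constructed sample in the format printed by `openssl ciphers -v`.
sample_high() {
    cat <<'EOF'
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
EOF
}

# The same listing with the ADH entries dropped, as adding "!ADH" would do.
sample_high_no_adh() {
    sample_high | grep -v '^ADH-'
}

# Demo on the constructed sample: prints the two ADH suite names.
sample_high | anon_suites

# Against a real build, pipe the configured spec through the same check:
#   openssl ciphers -v 'HIGH:!ADH' | anon_suites
```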