[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Configuring TLS

To: Jay Chandler <chandler.lists@chapman.edu>
Subject: Re: Configuring TLS
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 26 Jul 2007 08:56:36 +0200
Cc: openldap-software@openldap.org
In-reply-to: <46A7C1B4.4010908@chapman.edu>
References: <46A7A124.4070109@chapman.edu> <8217e8cc0707251302v677ca28dyc7748b47731f3300@mail.gmail.com> <46A7B2D7.1090308@chapman.edu> <46A7C1B4.4010908@chapman.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070716 SeaMonkey/1.1.3

Jay Chandler wrote:
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2

You SHOULD NOT allow SSLv2. This SSL version has serious security flaws.
I'm also not sure about the strength of the ciphers defined by MEDIUM.

Ciao, Michael.

References:
- Configuring TLS
  - From: Jay Chandler <chandler.lists@chapman.edu>
- Re: Configuring TLS
  - From: Jay Chandler <chandler.lists@chapman.edu>
- Re: Configuring TLS
  - From: Jay Chandler <chandler.lists@chapman.edu>

Prev by Date: Re: failover config: servers with same DNS address and TLS, subjectAltName extension
Next by Date: Re: failover config: servers with same DNS address and TLS, subjectAltName extension
Index(es):
- Chronological
- Thread