Selecting TLS Cipher problem
I am trying to limit the cipher list for TLS negotiations, but I don't seem to be able to do this...
... output from -d -1....
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension
$ supportedFeatures $ supportedApplicationContext ) )
TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5.
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
</-d -1 snip>
Here is all of my TLS data from my slapd.conf
# SSL
TLSCertificateFile /etc/ldap/certificate.pem
TLSCertificateKeyFile /etc/ldap/private.key
TLSCipherSuite !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5
</slapd.conf snip>
OpenLDAP 2.4.7-5 on Debian x86 installed from apt
What did I do wrong? I would swear the cipher list is good, but....
Pat