Re: Selecting TLS Cipher problem

To: Philip Guenther <guenther+ldapsoft@sendmail.com>, Pat Riehecky <prieheck@iwu.edu>
Subject: Re: Selecting TLS Cipher problem
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Mon, 24 Mar 2008 12:24:02 -0700
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <alpine.BSO.1.00.0803241232220.14991@vanye.mho.net>
References: <1206382616.7251.15.camel@localhost> <alpine.BSO.1.00.0803241232220.14991@vanye.mho.net>

--On Monday, March 24, 2008 12:44 PM -0600 Philip Guenther <guenther+ldapsoft@sendmail.com> wrote:

On Mon, 24 Mar 2008, Pat Riehecky wrote:

I am trying to limit the cipher list for TLS negotiations, but I don't
seem to be able to do this.....

...

TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!
aNULL:!NULL:+SHA:+MD5.
main: TLS init def ctx failed: -1


You can test your cipher list expression by passing it to the "openssl
ciphers" command:

$ openssl ciphers -v

I'd note that Debian links against GnuTLS, not OpenSSL, and some of the cipher names are different.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Selecting TLS Cipher problem
  - From: Russ Allbery <rra@stanford.edu>

References:
- Selecting TLS Cipher problem
  - From: Pat Riehecky <prieheck@iwu.edu>
- Re: Selecting TLS Cipher problem
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>