Antw: Re: Q: TLS support

["Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>]

>>> Quanah Gibson-Mount <quanah@zimbra.com> schrieb am 16.07.2013 um 18:08 in
Nachricht <7D4A20353DA988409253CCDE@[192.168.1.22]>:
> --On Tuesday, July 16, 2013 8:17 AM +0200 Ulrich Windl 
> <Ulrich.Windl@rz.uni-regensburg.de> wrote:
> 
>> Hi!
>>
>> I have some questions on TLS support in OpenLDAP:
>>
>> 1) How can I find out which cipher suite had been configured (when using
>> the distribution-supplied version)? From ldd I guess my slapd is using
>> libopenssl0_9_8.
> 
> If specific cipher suites have been configured, it would be in the slapd 
> configuration.  Otherwise, they'll be negotiated.

The question was: (How) can (if at all) I find out what cipher suite was compiled (linked with) into slapd?

> 
>> 2) Is the restriction ("This directive is not supported when using
>> GnuTLS.") on TLSCACertificatePath and GunTLS still effective? I'd like to
>> use it, but I'm unsure what the cipher suite is.
> 
> Why would you want to use an inferior and insecure TLS implementation?

I don't want to use GnuTLS; I wonder whether I can safely use the more flexible TLSCACertificatePath instead of a CA bundle file.

> 
> --Quanah
> 
> --
> 
> Quanah Gibson-Mount
> Lead Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration