[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Perfect Forward Secrecy

To: Quanah Gibson-Mount <quanah@zimbra.com>, Howard Chu <hyc@symas.com>, openldap-technical@openldap.org
Subject: Re: Perfect Forward Secrecy
From: Michael StrÃder <michael@stroeder.com>
Date: Sat, 07 Sep 2013 01:32:07 +0200
In-reply-to: <BDDCA0537C0CAD69816FD8DD@[192.168.1.22]>
References: <20130906190606.19563ea6@pink.avci.de> <522A35E1.3070606@symas.com> <522A4A3A.9060401@stroeder.com> <BDDCA0537C0CAD69816FD8DD@[192.168.1.22]>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 SeaMonkey/2.20

Quanah Gibson-Mount wrote:
> --On Friday, September 06, 2013 11:33 PM +0200 Michael StrÃder
> <michael@stroeder.com> wrote:
> 
>> Howard Chu wrote:
>>> Dieter KlÃnter wrote:
>>>> Hi,
>>>> I wonder whether openldap, if compiled with openssl-1.x, will support
>>>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>>>> This issue has been discussed on several mailinglists recently.
>>>
>>> It already does, but you have to use the right cipher suites.
>>>
>>> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
>>
>> http://www.openldap.org/doc/admin24/tls.html mentions directive
>> 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
> 
> The latter is correct.  Can you file a doc bug?

http://www.openldap.org/its/index.cgi?findid=7684

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Perfect Forward Secrecy
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: Perfect Forward Secrecy
  - From: Howard Chu <hyc@symas.com>
- Re: Perfect Forward Secrecy
  - From: Michael StrÃder <michael@stroeder.com>
- Re: Perfect Forward Secrecy
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: RE: Antw: Re: Log service time?
Next by Date: Re: Perfect Forward Secrecy
Index(es):
- Chronological
- Thread