Ulrich Windl wrote: >>>> Michael Ströder <michael@stroeder.com> schrieb am 20.10.2014 um 08:47 in > Nachricht <5444B01F.2050701@stroeder.com>: >> Ulrich Windl wrote: >>> Related question: If a slapcat of the config database doesn't show a value >>> for TLSCipherSuite, does it mean it is some default value? >> >> >> I'm pretty sure the default depends on the TLS lib used and how it was >> built for a certain OS. > > Does it mean openLDAP has no idea about the default, unless you explicitly set > it? I think so. But maybe one of the core developers can confirm. Also note that cipher key-words HIGH, MEDIUM etc. gets mapped to some library specific cipher sets which can change. E.g. OpenSSL project decided to limit the set of ciphers defined with HIGH. Which is... >> => always set TLSCipherSuite explicitly ..yet another reason to define TLS protocols and ciphers explicitly. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature