[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PFS: ITS#7506 in master but not in release

To: Christopher Odenbach <odenbach@uni-paderborn.de>, openldap-technical@openldap.org
Subject: Re: PFS: ITS#7506 in master but not in release
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 05 Nov 2014 15:45:57 +0100
In-reply-to: <545A2C12.8010605@uni-paderborn.de>
References: <545A2C12.8010605@uni-paderborn.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1

Christopher Odenbach wrote:
> while I was trying to find out why slapd does not use Perfect Forward
> Secrecy I found bug #7506 from september 2013. The patch has already
> been applied to the master branch but still cannot be found in any
> released version since. Why is this so? I would like to see good
> encryption in OpenLDAP for Debian.

I'm having PFS with OpenLDAP linked against OpenSSL after setting
TLSDHParamFile to point to a file generated with "openssl dhparam".

Not sure whether it works with Debian version which is linked against GnuTLS
though.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: PFS: ITS#7506 in master but not in release
  - From: Christopher Odenbach <odenbach@uni-paderborn.de>

References:
- PFS: ITS#7506 in master but not in release
  - From: Christopher Odenbach <odenbach@uni-paderborn.de>

Prev by Date: PFS: ITS#7506 in master but not in release
Next by Date: Re: PFS: ITS#7506 in master but not in release
Index(es):
- Chronological
- Thread