Patch: CIPHER_SERVER_PREFERENCE
- To: openldap-technical@openldap.org
- Subject: Patch: CIPHER_SERVER_PREFERENCE
- From: "A. Schulze" <sca@andreasschulze.de>
- Date: Wed, 09 Mar 2016 08:28:48 +0100
- User-agent: Horde Application Framework 5
Hello,
The patch implements a feature similar to
http://www.postfix.org/postconf.5.html#tls_preempt_cipherlist
Not perfect, not configurable but works here without problems.
Andreas
Description: force openssl use the server side cipher preference
Author: A. Schulze
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: openldap-2.4.44/libraries/libldap/tls_o.c
===================================================================
--- openldap-2.4.44.orig/libraries/libldap/tls_o.c
+++ openldap-2.4.44/libraries/libldap/tls_o.c
@@ -363,6 +363,8 @@ tlso_ctx_init( struct ldapoptions *lo, s
}
}
#endif
+ /* maybe some # ifdef are needed */
+ SSL_CTX_set_options( ctx, SSL_OP_CIPHER_SERVER_PREFERENCE );
return 0;
}
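Review bot: The added comment "/* maybe some # ifdef are needed */" leaves the portability question open in the code itself, so it should be settled before this goes in: either wrap the call in "#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE" / "#endif", or drop the comment if every OpenSSL version the tree builds against defines the macro. The call is also placed unconditionally just before "return 0;", so every context that passes through tlso_ctx_init gets the option with no way to turn it off. OpenSSL only consults this flag when the context is used on the server side of a handshake, but the lack of a switch is what the cover mail already calls "not configurable". A setting read from the options structure, along the lines of the Postfix tls_preempt_cipherlist parameter the mail cites, would let sites that depend on client-ordered cipher selection keep the current behaviour.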