[Date Prev][Date Next] [Chronological] [Thread] [Top]

Patch: CIPHER_SERVER_PREFERENCE

To: openldap-technical@openldap.org
Subject: Patch: CIPHER_SERVER_PREFERENCE
From: "A. Schulze" <sca@andreasschulze.de>
Date: Wed, 09 Mar 2016 08:28:48 +0100
Dkim-filter: OpenDKIM Filter v2.11.0 mail.somaf.de 3qKlQ93jGBzDbs
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=andreasschulze.de; s=ybz; t=1457508529; bh=KzbZzBP/cLi9xII1ytliCGhCaDyCDfAW09LPROdU7ek=; h=Date:From:To:Subject; b=RYLSvCqbFnsLCaPiedumjOX1fuLx4hG9OQ6dQAvcL59U93MNoD+imyBOqiSL0l3Nq ug7D8auUe2lvlR3pSfG5b1YxNAtav+zl2/mECRM/EZcop0hppQJrcpOCznjBOKZ7Jy fIjbVFQi/gJMKKzSZuKw7AiakgTyN7bzhxzKUObs0lITGCtQxr+4VD4ANP4aEIZPtu 0Z/2oH5GkXSk4bw6DY7+d8Yb+0L80Kfv/BjG+NClLF20SAmtBhrc3DmJY8XeTNMckg 4S7igkvrAEY26Z1vloppRUp4thCBMQwOa29cnrz8kfrMkEdg/VKybbcsnfQLE8IjhL 2Fp/+EeAtfxjA==
User-agent: Horde Application Framework 5


Hello,

The patch implement a feature similar tohttp://www.postfix.org/postconf.5.html#tls_preempt_cipherlist

Not perfect, not configurable but works here without problems.

Andreas

Description: force openssl use the server side cipher preference
Author: A. Schulze
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: openldap-2.4.44/libraries/libldap/tls_o.c
===================================================================
--- openldap-2.4.44.orig/libraries/libldap/tls_o.c
+++ openldap-2.4.44/libraries/libldap/tls_o.c
@@ -363,6 +363,8 @@ tlso_ctx_init( struct ldapoptions *lo, s
 		}
 	}
 #endif
+	/* maybe some # ifdef are needed */
+	SSL_CTX_set_options( ctx, SSL_OP_CIPHER_SERVER_PREFERENCE );
 	return 0;
 }

Follow-Ups:
- Re: Patch: CIPHER_SERVER_PREFERENCE
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: delta sync and strictrefresh
Next by Date: man page patches
Index(es):
- Chronological
- Thread