Commit 8f37dbae authored by Quanah Gibson-Mount

ITS#6525 gnutls cipher spec is unclear

parent e45c601b
...@@ -817,9 +817,17 @@ you can specify. ...@@ -817,9 +817,17 @@ you can specify.
.TP .TP
.B olcTLSCipherSuite: <cipher-suite-spec> .B olcTLSCipherSuite: <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order. Permits configuring what ciphers will be accepted and the preference order.
<cipher-suite-spec> should be a cipher specification for OpenSSL. Example: <cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
Example:
.RS
.RS
.TP
.I OpenSSL:
olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2 olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
.TP
.I GNUtls:
TLSCiphersuite SECURE256:!AES-128-CBC
.RE
To check what ciphers a given spec selects in OpenSSL, use: To check what ciphers a given spec selects in OpenSSL, use:
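Review bot: The GNUtls example line `TLSCiphersuite SECURE256:!AES-128-CBC` uses a different keyword from the item it documents; the item header and the OpenSSL example right above it both use `olcTLSCipherSuite:` with a colon. Suggest `olcTLSCipherSuite: SECURE256:!AES-128-CBC` so both examples are in the same form and can be used as written. In the rewritten sentence, "OpenSSL resp. GNUtls" would read more clearly as "OpenSSL or GNUtls". This hunk also shows two `.RS` lines and a single `.RE`, with the other `.RE` arriving only in the next hunk, so it is worth confirming the indentation nests and closes as intended in the rendered page.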
...@@ -827,11 +835,19 @@ To check what ciphers a given spec selects in OpenSSL, use: ...@@ -827,11 +835,19 @@ To check what ciphers a given spec selects in OpenSSL, use:
openssl ciphers \-v <cipher-suite-spec> openssl ciphers \-v <cipher-suite-spec>
.fi .fi
To obtain the list of ciphers in GNUtls use: With GNUtls the available specs can be found in the manual page of
.BR gnutls\-cli (1)
(see the description of the
option
.BR \-\-priority ).
In older versions of GNUtls, where gnutls\-cli does not support the option
\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
.nf .nf
gnutls-cli \-l gnutls\-cli \-l
.fi .fi
.RE
.TP .TP
.B olcTLSCACertificateFile: <filename> .B olcTLSCACertificateFile: <filename>
Specifies the file that contains certificates for all of the Certificate Specifies the file that contains certificates for all of the Certificate
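Review bot: "In older versions of GNUtls" in the new paragraph gives the reader no way to tell which of the two instructions applies; name the first release whose gnutls\-cli accepts \-\-priority, or phrase it as a test the reader can run ("if gnutls\-cli does not accept \-\-priority"). The paragraph also sends the reader to the manual for the spec syntax but, unlike the `openssl ciphers \-v <cipher-suite-spec>` line above it, gives no way to check what a particular GNUtls spec selects, so a restrictive spec cannot be verified before it is deployed. The inline gnutls\-cli and \-\-priority in the last sentence are plain text while the first mention uses `.BR`; the same markup should be used for both.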
...@@ -2017,6 +2033,7 @@ default slapd configuration directory ...@@ -2017,6 +2033,7 @@ default slapd configuration directory
.SH SEE ALSO .SH SEE ALSO
.BR ldap (3), .BR ldap (3),
.BR ldif (5), .BR ldif (5),
.BR gnutls\-cli (1),
.BR slapd.access (5), .BR slapd.access (5),
.BR slapd.backends (5), .BR slapd.backends (5),
.BR slapd.conf (5), .BR slapd.conf (5),
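Review bot: `.BR gnutls\-cli (1),` is inserted between `ldif (5)` and `slapd.access (5)`, which breaks the alphabetical order of the visible entries; it belongs ahead of `ldap (3)`. The text changed by this commit also tells the reader to run `openssl ciphers`, so if an OpenSSL manual page is not already listed in the part of SEE ALSO that is not shown here, adding it alongside would keep the two TLS libraries on equal footing.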
......