admin24 guide refint rootdn requirement (ITS#6364)
admin24 add pcache overlay section (ITS#6521)
ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
+ ldap.conf(5) GNUTls cipher spec info (ITS#6525)
+ slapd.conf(5) GNUTls cipher spec info (ITS#6525)
+ slapd-config(5) GNUTls cipher spec info (ITS#6525)
slapo-pcache(5) note rootdn requirement (ITS#6522)
slapo-refint(5) rootdn requirement (ITS#6364)
.TP
.B olcTLSCipherSuite: <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
-<cipher-suite-spec> should be a cipher specification for OpenSSL. Example:
-
+<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
+Example:
+.RS
+.RS
+.TP
+.I OpenSSL:
olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
+.TP
+.I GNUtls:
+TLSCiphersuite SECURE256:!AES-128-CBC
+.RE
To check what ciphers a given spec selects in OpenSSL, use:
openssl ciphers \-v <cipher-suite-spec>
.fi
-To obtain the list of ciphers in GNUtls use:
+With GNUtls the available specs can be found in the manual page of
+.BR gnutls\-cli (1)
+(see the description of the
+option
+.BR \-\-priority ).
+
+In older versions of GNUtls, where gnutls\-cli does not support the option
+\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
.nf
- gnutls-cli \-l
+ gnutls\-cli \-l
.fi
+.RE
.TP
.B olcTLSCACertificateFile: <filename>
Specifies the file that contains certificates for all of the Certificate
.SH SEE ALSO
.BR ldap (3),
.BR ldif (5),
+.BR gnutls\-cli (1),
.BR slapd.access (5),
.BR slapd.backends (5),
.BR slapd.conf (5),
.TP
.B TLSCipherSuite <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
-<cipher-suite-spec> should be a cipher specification for OpenSSL. Example:
-
+<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
+Example:
+.RS
+.RS
+.TP
+.I OpenSSL:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
+.TP
+.I GNUtls:
+TLSCiphersuite SECURE256:!AES-128-CBC
+.RE
-To check what ciphers a given spec selects, use:
+To check what ciphers a given spec selects in OpenSSL, use:
.nf
openssl ciphers \-v <cipher-suite-spec>
.fi
-To obtain the list of ciphers in GNUtls use:
+With GNUtls the available specs can be found in the manual page of
+.BR gnutls\-cli (1)
+(see the description of the
+option
+.BR \-\-priority ).
+
+In older versions of GNUtls, where gnutls\-cli does not support the option
+\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
.nf
- gnutls-cli \-l
+ gnutls\-cli \-l
.fi
-
+.RE
.TP
.B TLSCACertificateFile <filename>
Specifies the file that contains certificates for all of the Certificate
default slapd configuration file
.SH SEE ALSO
.BR ldap (3),
+.BR gnutls\-cli (1),
.BR slapd\-config (5),
.BR slapd.access (5),
.BR slapd.backends (5),