ITS#6525

diff --git a/CHANGES b/CHANGES
index ae4761152adc52095911e49de06be5e540877e8d..ecb7d8567e2feb20d24eb13bece5ca0e8a901663 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -121,6 +121,9 @@ OpenLDAP 2.4.24 Engineering
                admin24 guide refint rootdn requirement (ITS#6364)
                admin24 add pcache overlay section (ITS#6521)
                ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
+               ldap.conf(5) GNUTls cipher spec info (ITS#6525)
+               slapd.conf(5) GNUTls cipher spec info (ITS#6525)
+               slapd-config(5) GNUTls cipher spec info (ITS#6525)
                slapo-pcache(5) note rootdn requirement (ITS#6522)
                slapo-refint(5) rootdn requirement (ITS#6364)
 

diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index 5c159794d58e2ce5f1a7e3116a1e45ccaece90db..5f059816292bf1582d58bfe36c1d358c0a3562eb 100644 (file)
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -798,9 +798,17 @@ you can specify.
 .TP
 .B olcTLSCipherSuite: <cipher-suite-spec>
 Permits configuring what ciphers will be accepted and the preference order.
-<cipher-suite-spec> should be a cipher specification for OpenSSL.  Example:
-
+<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
+Example:
+.RS
+.RS
+.TP
+.I OpenSSL:
 olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
+.TP
+.I GNUtls:
+TLSCiphersuite SECURE256:!AES-128-CBC
+.RE
 
 To check what ciphers a given spec selects in OpenSSL, use:
 
@@ -808,11 +816,19 @@ To check what ciphers a given spec selects in OpenSSL, use:
        openssl ciphers \-v <cipher-suite-spec>
 .fi
 
-To obtain the list of ciphers in GNUtls use:
+With GNUtls the available specs can be found in the manual page of
+.BR gnutls\-cli (1)
+(see the description of the
+option
+.BR \-\-priority ).
+
+In older versions of GNUtls, where gnutls\-cli does not support the option
+\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
 
 .nf
-       gnutls-cli \-l
+       gnutls\-cli \-l
 .fi
+.RE
 .TP
 .B olcTLSCACertificateFile: <filename>
 Specifies the file that contains certificates for all of the Certificate
@@ -1998,6 +2014,7 @@ default slapd configuration directory
 .SH SEE ALSO
 .BR ldap (3),
 .BR ldif (5),
+.BR gnutls\-cli (1),
 .BR slapd.access (5),
 .BR slapd.backends (5),
 .BR slapd.conf (5),

diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index 6e6800c4b44942ec158e021a7967b9b25668ae01..15ef8a4b28dd7adc202b070fb49043b2e13349f7 100644 (file)
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1029,22 +1029,37 @@ you can specify.
 .TP
 .B TLSCipherSuite <cipher-suite-spec>
 Permits configuring what ciphers will be accepted and the preference order.
-<cipher-suite-spec> should be a cipher specification for OpenSSL.  Example:
-
+<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
+Example:
+.RS
+.RS
+.TP
+.I OpenSSL:
 TLSCipherSuite HIGH:MEDIUM:+SSLv2
+.TP
+.I GNUtls:
+TLSCiphersuite SECURE256:!AES-128-CBC
+.RE
 
-To check what ciphers a given spec selects, use:
+To check what ciphers a given spec selects in OpenSSL, use:
 
 .nf
        openssl ciphers \-v <cipher-suite-spec>
 .fi
 
-To obtain the list of ciphers in GNUtls use:
+With GNUtls the available specs can be found in the manual page of 
+.BR gnutls\-cli (1)
+(see the description of the 
+option
+.BR \-\-priority ).
+
+In older versions of GNUtls, where gnutls\-cli does not support the option
+\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
 
 .nf
-       gnutls-cli \-l
+       gnutls\-cli \-l
 .fi
-
+.RE
 .TP
 .B TLSCACertificateFile <filename>
 Specifies the file that contains certificates for all of the Certificate
@@ -1930,6 +1945,7 @@ ETCDIR/slapd.conf
 default slapd configuration file
 .SH SEE ALSO
 .BR ldap (3),
+.BR gnutls\-cli (1),
 .BR slapd\-config (5),
 .BR slapd.access (5),
 .BR slapd.backends (5),