From: Quanah Gibson-Mount Date: Thu, 6 Jan 2011 22:30:33 +0000 (+0000) Subject: ITS#6525 gnutls cipher spec is unclear X-Git-Tag: MIGRATION_CVS2GIT~228 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8f37dbae938ca63269f51dc03521343f5794d245;p=openldap ITS#6525 gnutls cipher spec is unclear --- diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index c1189409f5..6234307265 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -817,9 +817,17 @@ you can specify. .TP .B olcTLSCipherSuite: Permits configuring what ciphers will be accepted and the preference order. - should be a cipher specification for OpenSSL. Example: - + should be a cipher specification for OpenSSL resp. GNUtls. +Example: +.RS +.RS +.TP +.I OpenSSL: olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2 +.TP +.I GNUtls: +TLSCiphersuite SECURE256:!AES-128-CBC +.RE To check what ciphers a given spec selects in OpenSSL, use: @@ -827,11 +835,19 @@ To check what ciphers a given spec selects in OpenSSL, use: openssl ciphers \-v .fi -To obtain the list of ciphers in GNUtls use: +With GNUtls the available specs can be found in the manual page of +.BR gnutls\-cli (1) +(see the description of the +option +.BR \-\-priority ). + +In older versions of GNUtls, where gnutls\-cli does not support the option +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling: .nf - gnutls-cli \-l + gnutls\-cli \-l .fi +.RE .TP .B olcTLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate @@ -2017,6 +2033,7 @@ default slapd configuration directory .SH SEE ALSO .BR ldap (3), .BR ldif (5), +.BR gnutls\-cli (1), .BR slapd.access (5), .BR slapd.backends (5), .BR slapd.conf (5),
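Review bot: In the first hunk (@@ -817,9 +817,17 @@) the added GNUtls example is written in slapd.conf syntax, `TLSCiphersuite SECURE256:!AES-128-CBC`, while this is slapd-config.5 and the OpenSSL example directly above it uses the attribute form `olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2`. The GNUtls line should read `olcTLSCipherSuite: SECURE256:!AES-128-CBC` so both examples can be pasted into the same kind of configuration. Two smaller points in the same hunk: "OpenSSL resp. GNUtls" would read better as "OpenSSL or GNUtls, depending on which library slapd was built with", and the hunk opens two `.RS` blocks but closes only one, relying on the `.RE` added in the next hunk; a short roff comment at either end would keep a later edit from unbalancing the indentation.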
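Review bot: In the second hunk (@@ -827,11 +835,19 @@) the GNUtls side no longer gives the administrator a way to check what a given spec selects: OpenSSL keeps `openssl ciphers \-v`, but for GNUtls the text only points to the `--priority` description in gnutls\-cli(1), and the `gnutls\-cli \-l` fallback lists all ciphers rather than those matched by the configured string. If gnutls\-cli has an equivalent check for a priority string it should be shown here, otherwise the text should say that no such check exists. "Older versions of GNUtls" is also vague; naming the first release whose gnutls\-cli accepts `--priority` would tell readers which paragraph applies to them. For consistency, `\-\-priority` in the last added sentence should be set with `.B` as it is two lines earlier.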
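Review bot: In the SEE ALSO hunk (@@ -2017,6 +2033,7 @@) `.BR gnutls\-cli (1),` is inserted between `ldif (5)` and `slapd.access (5)`, which breaks the alphabetical order the list otherwise follows; it belongs before `.BR ldap (3),`. Since the page documents `openssl ciphers` in the same section, consider whether the matching OpenSSL manual page should be referenced as well so both TLS back ends are treated alike.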