From: Quanah Gibson-Mount Date: Thu, 6 Jan 2011 22:32:33 +0000 (+0000) Subject: ITS#6525 X-Git-Tag: OPENLDAP_REL_ENG_2_4_24~88 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=bc123e1bd5d6045a27788acf8d6cb77bf2b8b860;p=openldap ITS#6525 --- diff --git a/CHANGES b/CHANGES index ae4761152a..ecb7d8567e 100644 --- a/CHANGES +++ b/CHANGES @@ -121,6 +121,9 @@ OpenLDAP 2.4.24 Engineering admin24 guide refint rootdn requirement (ITS#6364) admin24 add pcache overlay section (ITS#6521) ldap_open(3) document ldap_set_urllist_proc (ITS#6601) + ldap.conf(5) GNUTls cipher spec info (ITS#6525) + slapd.conf(5) GNUTls cipher spec info (ITS#6525) + slapd-config(5) GNUTls cipher spec info (ITS#6525) slapo-pcache(5) note rootdn requirement (ITS#6522) slapo-refint(5) rootdn requirement (ITS#6364) diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index 5c159794d5..5f05981629 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -798,9 +798,17 @@ you can specify. .TP .B olcTLSCipherSuite: Permits configuring what ciphers will be accepted and the preference order. - should be a cipher specification for OpenSSL. Example: - + should be a cipher specification for OpenSSL resp. GNUtls. +Example: +.RS +.RS +.TP +.I OpenSSL: olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2 +.TP +.I GNUtls: +TLSCiphersuite SECURE256:!AES-128-CBC +.RE To check what ciphers a given spec selects in OpenSSL, use: 
@@ -808,11 +816,19 @@ To check what ciphers a given spec selects in OpenSSL, use: openssl ciphers \-v .fi -To obtain the list of ciphers in GNUtls use: +With GNUtls the available specs can be found in the manual page of +.BR gnutls\-cli (1) +(see the description of the +option +.BR \-\-priority ). + +In older versions of GNUtls, where gnutls\-cli does not support the option +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling: .nf - gnutls-cli \-l + gnutls\-cli \-l .fi +.RE .TP .B olcTLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate @@ -1998,6 +2014,7 @@ default slapd configuration directory .SH SEE ALSO .BR ldap (3), .BR ldif (5), +.BR gnutls\-cli (1), .BR slapd.access (5), .BR slapd.backends (5), .BR slapd.conf (5), diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 6e6800c4b4..15ef8a4b28 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 
@@ -1029,22 +1029,37 @@ you can specify. .TP .B TLSCipherSuite Permits configuring what ciphers will be accepted and the preference order. - should be a cipher specification for OpenSSL. Example: - + should be a cipher specification for OpenSSL resp. GNUtls. +Example: +.RS +.RS +.TP +.I OpenSSL: TLSCipherSuite HIGH:MEDIUM:+SSLv2 +.TP +.I GNUtls: +TLSCiphersuite SECURE256:!AES-128-CBC +.RE -To check what ciphers a given spec selects, use: +To check what ciphers a given spec selects in OpenSSL, use: .nf openssl ciphers \-v .fi -To obtain the list of ciphers in GNUtls use: +With GNUtls the available specs can be found in the manual page of +.BR gnutls\-cli (1) +(see the description of the +option +.BR \-\-priority ). + +In older versions of GNUtls, where gnutls\-cli does not support the option +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling: .nf - gnutls-cli \-l + gnutls\-cli \-l .fi - +.RE .TP .B TLSCACertificateFile Specifies the file that contains certificates for all of the Certificate @@ -1930,6 +1945,7 @@ ETCDIR/slapd.conf default slapd configuration file .SH SEE ALSO .BR ldap (3), +.BR gnutls\-cli (1), .BR slapd\-config (5), .BR slapd.access (5), .BR slapd.backends (5),
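Review bot: The CHANGES hunk adds an entry "ldap.conf(5) GNUTls cipher spec info (ITS#6525)", but the patch as shown only touches doc/man/man5/slapd-config.5 and doc/man/man5/slapd.conf.5, with no hunk for ldap.conf.5. Either include the ldap.conf.5 change in this commit or drop that CHANGES line until it lands. The three new entries also spell the library "GNUTls" while the man page text added below spells it "GNUtls"; the project's own spelling is "GnuTLS", and using one form throughout would make the pages easier to search.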
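Review bot: In the first slapd-config.5 hunk (@@ -798,9 +798,17 @@), the GNUtls example is written in slapd.conf syntax, "TLSCiphersuite SECURE256:!AES-128-CBC", while the OpenSSL example directly above it uses the cn=config attribute form "olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2". A reader copying the GNUtls line into an LDIF for cn=config gets neither the olc prefix nor the colon. Suggest "olcTLSCipherSuite: SECURE256:!AES-128-CBC" here so both examples match the attribute this page documents. The phrase "for OpenSSL resp. GNUtls" would also read more naturally as "for OpenSSL or GNUtls".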
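Review bot: In the second slapd-config.5 hunk (@@ -808,11 +816,19 @@), the OpenSSL side tells the admin how to check what a given spec selects ("openssl ciphers \-v"), but the new GNUtls text only says where the available specs are documented and how to list ciphers with "gnutls\-cli \-l"; it gives no way to confirm what a particular priority string actually enables. Since this option decides which ciphers the server will accept, the GNUtls paragraph should state how to verify a configured spec, or say explicitly that no such check is described. "In older versions of GNUtls" is also open-ended; naming the version in which gnutls\-cli gained \-\-priority would let readers tell which paragraph applies to them. The same wording is repeated in the slapd.conf.5 hunk and should be changed in both places.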
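Review bot: In the first slapd.conf.5 hunk (@@ -1029,22 +1029,37 @@), the added GNUtls example spells the directive "TLSCiphersuite", while the entry heading and the OpenSSL example in the same hunk use "TLSCipherSuite". Use the heading's spelling in both examples so the page shows a single form of the directive name. The hunk also opens two nested ".RS" blocks and closes them with two ".RE" requests far apart, one after the examples and one after the "gnutls\-cli \-l" block; a short roff comment at the second ".RE" saying which indent it closes would help the next editor keep the nesting balanced.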