From 8f37dbae938ca63269f51dc03521343f5794d245 Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Thu, 6 Jan 2011 22:30:33 +0000 Subject: [PATCH] ITS#6525 gnutls cipher spec is unclear --- doc/man/man5/slapd-config.5 | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index c1189409f5..6234307265 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -817,9 +817,17 @@ you can specify. .TP .B olcTLSCipherSuite: Permits configuring what ciphers will be accepted and the preference order. - should be a cipher specification for OpenSSL. Example: - + should be a cipher specification for OpenSSL resp. GNUtls. +Example: +.RS +.RS +.TP +.I OpenSSL: olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2 +.TP +.I GNUtls: +TLSCiphersuite SECURE256:!AES-128-CBC +.RE To check what ciphers a given spec selects in OpenSSL, use: @@ -827,11 +835,19 @@ To check what ciphers a given spec selects in OpenSSL, use: openssl ciphers \-v .fi -To obtain the list of ciphers in GNUtls use: +With GNUtls the available specs can be found in the manual page of +.BR gnutls\-cli (1) +(see the description of the +option +.BR \-\-priority ). + +In older versions of GNUtls, where gnutls\-cli does not support the option +\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling: .nf - gnutls-cli \-l + gnutls\-cli \-l .fi +.RE .TP .B olcTLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate @@ -2017,6 +2033,7 @@ default slapd configuration directory .SH SEE ALSO .BR ldap (3), .BR ldif (5), +.BR gnutls\-cli (1), .BR slapd.access (5), .BR slapd.backends (5), .BR slapd.conf (5), -- 2.39.5
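Review bot: In the first hunk (@@ -817,9 +817,17), the GNUtls example is written in slapd.conf form, `TLSCiphersuite SECURE256:!AES-128-CBC`, while this file is slapd-config.5 and the OpenSSL example next to it uses `olcTLSCipherSuite:`. Suggest `olcTLSCipherSuite: SECURE256:!AES-128-CBC` so both examples use the attribute name this page documents. In the same hunk, "resp." in "a cipher specification for OpenSSL resp. GNUtls" would read more clearly as "or". Since the example text is being reworked anyway, it is also worth asking whether `HIGH:MEDIUM:+SSLv2` is the spec the manual should model: `+SSLv2` only moves SSLv2 suites to the end of the preference order, it does not disable them.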
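Review bot: In the second hunk (@@ -827,11 +835,19), "In older versions of GNUtls" gives the reader no way to tell which case applies to them. Name the first GNUtls release whose gnutls-cli accepts \-\-priority, or say how to check for the option. There is also an asymmetry with the OpenSSL text: that paragraph gives a command showing what a given spec selects, while the GNUtls paragraph only points at the gnutls\-cli (1) manual page, so an administrator cannot verify a priority string such as SECURE256:!AES-128-CBC before deploying it. If gnutls-cli offers an equivalent check, show it here.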
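Review bot: In the last hunk (@@ -2017,6 +2033,7), `.BR gnutls\-cli (1),` is inserted between ldif (5) and slapd.access (5), which matches neither alphabetical nor manual-section order in the visible part of SEE ALSO. Suggest placing it ahead of `.BR ldap (3),` or wherever the list's existing ordering puts a section 1 page.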