On 2013-11-26 13:37, Kurt Roeckx wrote:
> On Tue, Nov 26, 2013 at 01:14:50PM +0000, Sameer Stephen wrote:
>> Hi,
>>
>> We have an application which uses the pam_ldap.so module to connect to the LDAP server. Our application (i.e. client) uses openldap (2.4.36), which is built against the mozilla NSS library (3.15.3), and as per the NSS mozilla official website, it supports TLSv1.2 protocol/ciphers. Our application runs on RHEL 6 and we have configured pam_ldap.conf with the following parameters:
>>
>> =======
>> host XXXXXXX
>> base dc=XXXX, dc=YYYY
>> ssl on
>> tls_ciphers TLSv1.2+HIGH:!AESGCM:!aNULL:!eNULL
>> =======
>
> That looks like an openssl string to me.

I built a correspondence table between IANA, OpenSSL, GnuTLS and NSS a couple of weeks ago; it might help you convert this tls_ciphers into something NSS understands.

https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table

---
Julien Vehent
OpSec@Mozilla
http://jve.linuxwall.info


--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
