Skip to Main Content
Linux Server Security, Second Edition
book

Linux Server Security, Second Edition

by Michael D. Bauer
January 2005
Intermediate to advanced content levelIntermediate to advanced
544 pages
23h 44m
English
O'Reilly Media, Inc.
Content preview from Linux Server Security, Second Edition
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
226
|
Chapter 7: Using LDAP for Authentication
TLSCipherSuite specifies a list of OpenSSL ciphers from which slapd will choose
when negotiating TLS connections, in decreasing order of preference. To see which
ciphers are supported by your local OpenSSL installation, issue this command:
openssl ciphers -v ALL
In addition to those specific ciphers, you can use any of the wildcards supported by
OpenSSL, which allow you to specify multiple ciphers with a single word. For exam-
ple, in Example 7-4,
TLSCipherSuite is set to HIGH:MEDIUM:+SSLv2; as it happens, HIGH,
MEDIUM, and +SSLv2 are all wildcards.
HIGH means “all ciphers using key lengths greater than 128 bits”; MEDIUM is short for
“all ciphers using key lengths equal to 128 bits”’ and
+SSLv2 means “all ciphers speci-
fied in the SSL protocol, Version 2, regardless of key strength.” For a complete expla-
nation of OpenSSL ciphers, including all supported wildcards, see the ciphers(1)
manpage.
TLSCertificateFile and TLSCertificateKeyFile are more obvious: they specify the
paths to your certificate file and private-key file, respectively. If both certificate and
key are combined in a single file, you can specify the same path for both parameters
(but see my note on the previous page).
slapd Startup Options for TLS
Okay, we’ve done everything
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux: Powerful Server Administration

Linux: Powerful Server Administration

Uday Sawant, Oliver Pelz, Jonathan Hobson, William Leemans
Linux Server Hacks

Linux Server Hacks

Rob Flickenger
Linux Server Hacks, Volume Two

Linux Server Hacks, Volume Two

William von Hagen, Brian K. Jones

Publisher Resources

ISBN: 0596006705Supplemental ContentCatalog PageErrata