File diff 83a557f70dfb → 2e3af1a245a5
docs/rolereference.rst
Show inline comments
 
@@ -742,7 +742,14 @@ Parameters
 
  Minimum *Security Strength Factor* to require from all incoming
 
  connections. This applies for both remote and local connections.
 

			




	
	
	
		
 
**ldap_tls_ciphers** (string, optional ``NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL``)

			




	
	
	
		
 
**ldap_tls_ciphers** (string, optional ``NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA256:+SHA384:+SHA512:+AEAD:+AES-128-GCM:+AES-256-GCM:+CHACHA20-POLY1305:+CURVE-ALL``)

			




	
	
	
		
 

			




	
	
	
		
 
  .. warning::

			




	
	
	
		
 
     Under Debian Stretch, the DHE ciphers are not usable due to a bug

			




	
	
	
		
 
     present in OpenLDAP 2.4.44. See

			




	
	
	
		
 
     https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1656979

			




	
	
	
		
 
     for details.

			




	
	
	
		
 

			




	
	
	
		
 
  TLS ciphers to enable on the LDAP server. This should be a GnuTLS-compatible

			




	
	
	
		
 
  cipher specification that should also include what TLS protocol versions

			




	
	
	
		
 
  should be used. Value should be compatible with OpenLDAP server option

			




        

    



    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.