summaryrefslogtreecommitdiff
path: root/databases/openldap-server
diff options
context:
space:
mode:
authormanu <manu@pkgsrc.org>2015-09-14 16:32:26 +0000
committermanu <manu@pkgsrc.org>2015-09-14 16:32:26 +0000
commit8e373bd1bf04606c6d086dbf17b8b97c71a5f3ed (patch)
treea84276f5501bdd0ba3dd9050259335106bb98882 /databases/openldap-server
parent05eb14a91da6e1dbcc3cc48c55e75254965e7365 (diff)
downloadpkgsrc-8e373bd1bf04606c6d086dbf17b8b97c71a5f3ed.tar.gz
Add support for ECDH, from upstream
After the recent logjam attack, longer DH parameter size have been advised. Unfortunately, this comes with a high computational cost. ECDH is a good alternative to acheive forward secrecy with lower CPU Loads. This patch is a backport from upstream ECDH umplementation. ECDH is enabled by speciying a curve name through the TLSECName directive. Valid curve names can be obtaines by openssl ecparam -list_curves Advised usage for a forward-secrecy only setup wiht only ECDH: TLSCipherSuite EECDH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL TLSECName prime256v1 If backward compatibility with older clients is required: TLSCipherSuite EECDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL TLSECName prime256v1 Backward compatible flavor with more forward secrecy, at the expense of using costly DH. dh2048.pem is obtained using openssl dhparam 2048 > /etc/openssl/certs/dh2048.pem TLSCipherSuite EECDH:EDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL TLSDHParamFile /etc/openssl/certs/dh2048.pem TLSECName prime256v1
Diffstat (limited to 'databases/openldap-server')
-rw-r--r--databases/openldap-server/Makefile3
1 files changed, 2 insertions, 1 deletions
diff --git a/databases/openldap-server/Makefile b/databases/openldap-server/Makefile
index 60b831da071..f23a64cbc77 100644
--- a/databases/openldap-server/Makefile
+++ b/databases/openldap-server/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.44 2015/07/17 14:49:05 adam Exp $
+# $NetBSD: Makefile,v 1.45 2015/09/14 16:32:26 manu Exp $
PKGNAME= ${DISTNAME:S/-/-server-/}
+PKGREVISION= 3
COMMENT= Lightweight Directory Access Protocol server suite
CONFLICTS+= openldap<2.3.23nb1
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-30 13:39:03 +0000