From beer at cmu.edu Mon Aug 4 14:10:50 2008
From: beer at cmu.edu (beer at cmu.edu)
Date: Mon, 4 Aug 2008 17:10:50 -0400
Subject: [pgh-pm] Net::LDAP problems with SSL
Message-ID: <7916966e0808041410h66b2acfcy583233e5d19e41c4@mail.gmail.com>

Hey folks

I have an app that uses Net::LDAP. The ldap server I am connecting to
requires 64 bit or higher encryption but I can't seem to force Net::LDAP
to cooperate. Allegedly I should be able to choose the ciphers used with
OpenSSL by passing values to the start_tls subroutine. What follows is an
approximation of my code with sensitive data removed:

    my $ldap = Net::LDAP->new($ldap_server, scheme => 'ldaps', version => 3);
    $ldap->start_tls( cafile => $ca_file, ciphers => 'ALL:!RC4:@STRENGTH');
    my $mesg = $ldap->bind($bind_dn, port => 636, password => $password);

The above value being passed to ciphers is just one of many I have tried
including but not limited to: HIGH, MEDIUM, AES, SSLv3, ALL:!ADH at STRENTH.
Regardless of what I pass here, when I check $ldap->cipher() it always
returns EXP1024-RC4-SHA.

I was originally running version 0.33 but upgraded to 0.36 today in the
hopes that it was a simple bug that had already been addressed.

Anyone else have any experience with this module that might be able to
offer some advice?

TIA
-bill

From Dan at DWright.Org Mon Aug 4 14:27:11 2008
From: Dan at DWright.Org (Daniel J. Wright)
Date: Mon, 4 Aug 2008 17:27:11 -0400 (EDT)
Subject: [pgh-pm] Net::LDAP problems with SSL
In-Reply-To: <7916966e0808041410h66b2acfcy583233e5d19e41c4@mail.gmail.com>
References: <7916966e0808041410h66b2acfcy583233e5d19e41c4@mail.gmail.com>
Message-ID: <53723.216.92.130.24.1217885231.squirrel@webmail8.pair.com>

> my $ldap = Net::LDAP->new($ldap_server, scheme => 'ldaps', version => 3);
> $ldap->start_tls( cafile => $ca_file, ciphers => 'ALL:!RC4:@STRENGTH');
> my $mesg = $ldap->bind($bind_dn, port => 636, password => $password);
...
> Anyone else have any experience with this module that might be able to
> offer some advice?

I haven't used Net::LDAP, so I'm probably not going to be much use to you.

Looking at the source code, it looks like that "ciphers" argument ends up
getting sent into _SSL_context_init_args, where it sets up the
SSL_cipher_list argument, which is sent into IO::Socket::SSL::socketToSSL.
The default argument if you don't specify anything at all is "ALL".

The POD for IO::Socket::SSL suggests looking to this page for a listing of
acceptable values:

http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

Unfortunately, several of the options you said that you tried are on that
list, so I'm not sure exactly where to point you after that. Maybe make
sure that the versions of OpenSSL and IO::Socket::SSL you are using are
current?

-Dan

From faisal at faisal.com Wed Aug 6 20:44:55 2008
From: faisal at faisal.com (Faisal N Jawdat)
Date: Wed, 6 Aug 2008 23:44:55 -0400
Subject: [pgh-pm] flail
Message-ID:

http://flail.org/

> Flail is a hacker's MUA (Mail User Agent, a program you use to read
> your mail). It has a terse, extensible, Unix-like command-line
> interface. It is written in Perl, and is designed to make Perl
> hackers happy. It now comes with a Makefile.PL and a README, so what
> more could you possibly ask?

-faisal
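
For the "Net::LDAP problems with SSL" thread above, an added example (not code from any poster or from the Net::LDAP distribution): a client that checks the value returned by $ldap->cipher after start_tls and refuses to bind when the negotiated suite is export-grade or otherwise weak. It assumes a server offering StartTLS on port 389; the helper names, the name-based weak-cipher pattern and the LDAP_* environment variables are hypothetical.

```perl
use strict;
use warnings;

# True when an OpenSSL cipher name denotes an export-grade, RC4/RC2,
# single-DES, NULL-encryption or anonymous suite (or no cipher at all).
sub cipher_is_weak {
    my ($name) = @_;
    return 1 unless defined $name && length $name;
    return $name =~ /^EXP|RC4|RC2|DES-CBC-|NULL|ADH|AECDH/ ? 1 : 0;
}

# Connect, upgrade with StartTLS, and bind only if the negotiated cipher
# passes the check. All arguments are supplied by the caller.
sub bind_checked {
    my (%a) = @_;
    require Net::LDAP;
    my $ldap = Net::LDAP->new($a{host}, port => 389, version => 3)
        or die "connect failed: $@\n";
    my $tls = $ldap->start_tls(
        verify  => 'require',
        cafile  => $a{cafile},
        ciphers => 'HIGH:!aNULL:!eNULL:!EXPORT:!RC4',
    );
    die 'start_tls failed: ' . $tls->error . "\n" if $tls->code;
    my $cipher = $ldap->cipher;
    if (cipher_is_weak($cipher)) {
        $ldap->disconnect;
        die 'refusing to bind over ' . ($cipher // 'no cipher') . "\n";
    }
    my $mesg = $ldap->bind($a{dn}, password => $a{password});
    die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;
    return ($ldap, $cipher);
}

# Offline self-check on constructed cipher names (the first is the one
# reported in the thread).
for my $c ('EXP1024-RC4-SHA', 'DES-CBC-SHA', 'DES-CBC3-SHA', 'AES256-SHA') {
    printf "%-16s %s\n", $c, cipher_is_weak($c) ? 'reject' : 'accept';
}

# Live use only when the hypothetical LDAP_* variables are set.
if ($ENV{LDAP_HOST}) {
    my ($ldap, $cipher) = bind_checked(
        host => $ENV{LDAP_HOST}, cafile => $ENV{LDAP_CAFILE},
        dn   => $ENV{LDAP_DN},   password => $ENV{LDAP_PASSWORD},
    );
    print "bound over $cipher\n";
    $ldap->unbind;
}
```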