[pgh-pm] Net::LDAP problems with SSL

Daniel J. Wright Dan at DWright.Org
Mon Aug 4 14:27:11 PDT 2008



> my $ldap = Net::LDAP->new($ldap_server, scheme => 'ldaps', version => 3);
> $ldap->start_tls( cafile => $ca_file, ciphers => 'ALL:!RC4:@STRENGTH');
> my $mesg = $ldap->bind($bind_dn, port => 636, password => $password);

  ...

> Anyone else have any experience with this module that might be able to
> offer some advice?

I haven't used Net::LDAP, so I'm probably not going to be much use to you.
Looking at the source code, it looks like that "ciphers" argument ends
up getting sent into _SSL_context_init_args, where it sets up the
SSL_cipher_list argument, which is sent into IO::Socket::SSL::socketToSSL.
The default argument if you don't specify anything at all is "ALL".

The POD for IO::Socket::SSL suggests looking to this page for a listing of
acceptable values:

  http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

Unfortunately, several of the options you said that you tried are on that
list, so I'm not sure exactly where to point you after that.

Maybe make sure that the versions of OpenSSL and IO::Socket::SSL you are
using are current?

-Dan
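
To check the two things suggested above (module/library versions and whether a cipher string is acceptable), the following Perl script is an added example, not part of the original message and not code from Net::LDAP. It prints the local OpenSSL and IO::Socket::SSL versions and expands a cipher string through Net::SSLeay without contacting any server; the helper name expand_cipher_string and the string 'NO-SUCH-CIPHER' are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::SSLeay;
use IO::Socket::SSL;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

# Expand an OpenSSL cipher string locally (no network traffic).
# Returns the cipher names in preference order, or an empty list when
# the local OpenSSL refuses the string.
sub expand_cipher_string {
    my ($cipher_string) = @_;
    my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";
    my @names;
    if (Net::SSLeay::CTX_set_cipher_list($ctx, $cipher_string)) {
        my $ssl = Net::SSLeay::new($ctx) or die "SSL new failed\n";
        my $n = 0;
        while (defined(my $name = Net::SSLeay::get_cipher_list($ssl, $n++))) {
            push @names, $name;
        }
        Net::SSLeay::free($ssl);
    }
    Net::SSLeay::CTX_free($ctx);
    return @names;
}

unless (caller) {
    # Versions of the two layers the "ciphers" argument passes through.
    printf "OpenSSL:         %s\n", Net::SSLeay::SSLeay_version(0);
    printf "IO::Socket::SSL: %s\n", $IO::Socket::SSL::VERSION;

    # First string is the one from the thread, second is the default
    # mentioned in the reply, third is a constructed invalid value.
    for my $str ('ALL:!RC4:@STRENGTH', 'ALL', 'NO-SUCH-CIPHER') {
        my @names = expand_cipher_string($str);
        if (@names) {
            printf "\n'%s' -> %d ciphers, strongest first:\n", $str, scalar @names;
            print "  $_\n" for @names[0 .. ($#names < 4 ? $#names : 4)];
        } else {
            print "\n'$str' -> rejected by the local OpenSSL\n";
        }
    }
}
```

On OpenSSL builds with TLS 1.3 support the expanded list also contains the TLS 1.3 suites, which are configured separately from this cipher string.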


