SASL always returns ssf=56 for GSSAPI

Alexey Melnikov alexey.melnikov at
Thu Sep 21 13:06:57 EDT 2006

Hai Zaar wrote:

> I'm using cyrus SASL with openldap.
> I've noticed, that SASL always returns ssf=56 for GSSAPI, however
> ethereal shows that underlying kerberos traffic is encrypted with
> aes256-cts-hmac-sha1-96
> Is that on purpose?

As far as I know there is no portable way to extract strength of the 
strongest cipher from GSSAPI.
Let me know if I am wrong.

> P.S. I'm not on the list, so please CC me.

More information about the Cyrus-sasl mailing list