SASL always returns ssf=56 for GSSAPI

Alexey Melnikov alexey.melnikov at isode.com
Thu Sep 21 13:06:57 EDT 2006


Hai Zaar wrote:

> I'm using cyrus SASL with openldap.
>
> I've noticed, that SASL always returns ssf=56 for GSSAPI, however
> ethereal shows that underlying kerberos traffic is encrypted with
> aes256-cts-hmac-sha1-96
>
> Is that on purpose?

No.
As far as I know there is no portable way to extract strength of the 
strongest cipher from GSSAPI.
Let me know if I am wrong.

> P.S. I'm not on the list, so please CC me.




More information about the Cyrus-sasl mailing list