Full_Name: zhang fan
Version: 2.3.43
OS: RHEL5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (202.108.130.138)

Hi,

I am now configuring OpenLDAP with SSL support, but one problem has come up and I am asking for your help. Thank you very much.

My LDAP server worked well before I set up SSL. The SSL-related options in slapd.conf are:

TLSCipherSuite ALL
TLSCACertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSVerifyClient never

I use openssl to test the connection:

[root@zosmf07 ~]# openssl s_client -connect zosmf07.cn.ibm.com:636 -showcerts -state -CAfile /etc/pki/tls/certs/slapd.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
7587:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:

The server debug log looks like this:

TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:1009

But when I use openssl s_server to listen on port 636, the SSL handshake succeeds:
[root@zosmf07 ~]# openssl s_server -accept 636 -cert /etc/pki/tls/certs/slapd.pem -key /etc/pki/tls/certs/slapd.pem -state
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read finished A
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMBBAIAOQQgwtPmka9K2vuA3Eg6Vu8ZBGOIGiq2RVQBAR7/U//dIf4E
MDXZOmotMZFmCsIV+5448cYBMN5zTGe6FJeVHxdu9KuEe0BYnZ69LW/GbLmNyemk
4KEGAgRQWUytogQCAgEspAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is DHE-RSA-AES256-SHA
Secure Renegotiation IS supported

Thank you very much for your help. This problem has bothered me for two weeks. I tried many methods but couldn't deal with it. Thank you.
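The report shows the same PEM file working under openssl s_server (run as root) but producing "no shared cipher" from slapd. Every suite in the "Shared ciphers" list above needs the server's RSA key, so a server that cannot load or use that key has nothing to offer the client. The script below is an added diagnostic written for this page; it is not part of the ITS report and not OpenLDAP's own code. It checks the PEM for a certificate block and a key block, whether the service user can read the file (root's s_server ignores mode bits, slapd dropping privileges does not), whether the certificate and key moduli match, and what the TLSCipherSuite string expands to. It assumes, which the report does not state, that slapd runs as the RHEL package user "ldap" and that the key is RSA; the script name, the function names and the sample PEM used in the test are the editor's.

```shell
#!/bin/sh
# slapd_tls_check.sh (hypothetical name): diagnose "no shared cipher" on ldaps://
# when `openssl s_server` with the same PEM works. Assumption: slapd runs as
# the unprivileged user "ldap" and the key is RSA. Run as root:
#   sh slapd_tls_check.sh /etc/pki/tls/certs/slapd.pem ldap

# 1. Does the PEM carry both a certificate and a private key block?
pem_has_cert() { grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; }
pem_has_key()  { grep -Eq -- '-----BEGIN (RSA |DSA |EC |)PRIVATE KEY-----' "$1"; }

# 2. Permission bits as printed by ls, e.g. "rw-r--r--" (no leading type char).
#    Root ignores these bits; a daemon running as "ldap" does not.
mode_string() { ls -ld -- "$1" | cut -c2-10; }
group_can_read()  { case "$(mode_string "$1")" in ???r?????) return 0;; *) return 1;; esac; }
others_can_read() { case "$(mode_string "$1")" in ??????r??) return 0;; *) return 1;; esac; }

# Definitive check (needs root): open the file with the service user's credentials,
# which also accounts for group membership and ACLs.
readable_as_user() { su -s /bin/sh "$2" -c "test -r '$1'" 2>/dev/null; }

# 3. Do the certificate and the key in the file belong together? Returns 1 on a
#    mismatch and 2 when openssl cannot parse one of them (or is not installed).
key_matches_cert() {
  c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
  k=$(openssl rsa  -noout -modulus -in "$1" 2>/dev/null) || return 2
  [ "$c" = "$k" ]
}

# 4. What a TLSCipherSuite value expands to in the local OpenSSL, one per line,
#    for comparison with the client's "Shared ciphers" output.
expand_cipher_suite() { openssl ciphers "$1" | tr ':' '\n'; }

check_pem() {
  pem=$1; user=$2; rc=0
  pem_has_cert "$pem" || { echo "FAIL: no certificate block in $pem"; rc=1; }
  pem_has_key  "$pem" || { echo "FAIL: no private key block in $pem"; rc=1; }
  if readable_as_user "$pem" "$user"; then
    echo "ok: user $user can read $pem (mode $(mode_string "$pem"))"
  else
    echo "FAIL: user $user cannot read $pem (mode $(mode_string "$pem"))"; rc=1
  fi
  rc_k=0; key_matches_cert "$pem" || rc_k=$?
  case $rc_k in
    0) echo "ok: certificate modulus matches key modulus";;
    1) echo "FAIL: certificate and key in $pem do not match"; rc=1;;
    *) echo "FAIL: openssl could not parse the certificate or key in $pem"; rc=1;;
  esac
  echo "first suites offered for TLSCipherSuite ALL:"
  expand_cipher_suite ALL | head -5
  return $rc
}

# Only run the checks when called with <pem> <user>; sourcing the file just
# defines the functions.
if [ "$#" -eq 2 ]; then
  check_pem "$1" "$2"
fi
```

The script cannot tell whether the running slapd was restarted after slapd.conf was edited or whether it reads that slapd.conf at all; for that, start it in the foreground with `slapd -d 1 -h ldaps:///` and read the TLS initialisation messages printed before the first connection. A key that loads but belongs to a different certificate, and a key the service user cannot open, both end in the same "no shared cipher" alert on the wire.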
published 7396 marked public changed state Open to Closed