Re: (ITS#6251) GnuTLS cipher suite failure
quanah@zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.17
> OS: Linux 2.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.29.239)
>
>
> Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256
>
> OpenLDAP+gnutls worked fine for me for more than a year, but now I have
> TLS problems again. It started on my unstable client when libnss-ldap
> reported:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
>
> Then I upgraded gnutls and ldap on my server from lenny to unstable and
> now even slapd doesn't start:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
> main: TLS init def ctx failed: -1
>
> If I comment out line which defines cipher:
>
> TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1
>
> it works again.
>
> $ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
> TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
>
> ...so I don't see why it shouldn't work.

This appears to be caused by our switch to using GnuTLS's cipher suite parsing
functions in 2.4.14 (due to ITS#5887). The syntax that GnuTLS uses is quite
different from what we were using in 2.4.13 and earlier. Also, the GnuTLS
documentation on their format is misleading and just plain wrong on several
points.

We can treat this as an OpenLDAP doc bug, or we can revert to the pre-ITS#5887
behavior, which still works as expected. (But then we will be incompatible
with the behavior described in the current GnuTLS documentation. But of
course, the doc is wrong anyway.)

For reference, the GnuTLS doc says you can list suite names in a semicolon
separated list, and they may optionally be prefixed with "+" or "-" to add or
remove particular elements from the list.

In fact, the list must be colon separated, and the "+" is required. Just
listing the name will cause an error. Also, the actual suite names cannot be
used, only the individual algorithm names are recognized. So instead of the
suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1".
This method is more error-prone, because it makes it possible to specify a
list of algorithms that do not conform to any valid suite.

All in all, it may be best to revert back to using our own suite parser and
ignore the one GnuTLS provides.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
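
A lint for the syntax rules described in this message, as an added example that is not part of the original post or of OpenLDAP: it flags `TLSCipherSuite` values that use semicolons, full suite names, or elements without a prefix, so a config can be checked before slapd refuses to start. The function names, the sample config and the set of bare initial keywords are assumptions; the rules are the GnuTLS behaviour as reported in this message.

```python
import re

# Bare initial keywords of GnuTLS priority strings, allowed as first element
# (general GnuTLS behaviour, an assumption not stated in the message above).
KEYWORDS = {"NORMAL", "PERFORMANCE", "SECURE128", "SECURE256", "EXPORT", "NONE"}
DIRECTIVE = re.compile(r"^\s*TLSCipherSuite\s+(\S.*?)\s*$", re.IGNORECASE)


def lint_value(value):
    """Return a list of problems with one TLSCipherSuite value."""
    problems = []
    if ";" in value:
        problems.append("semicolon separator: elements must be colon separated")
    for i, elem in enumerate(re.split(r"[:;]", value)):
        elem = elem.strip()
        if not elem:
            problems.append("empty element")
        elif elem.lstrip("+-").upper().startswith("TLS_"):
            problems.append(f"{elem}: full suite name, use algorithm names "
                            "such as +AES-256-CBC:+SHA1")
        elif elem[0] not in "+-" and not (i == 0 and elem in KEYWORDS):
            problems.append(f"{elem}: missing '+' prefix")
    return problems


def lint_slapd_conf(text):
    """Return (line_number, value, problems) for each TLSCipherSuite line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # commented-out directives do not match
        if m:
            findings.append((n, m.group(1), lint_value(m.group(1))))
    return findings


# Constructed sample config; only the first value comes from the bug report.
SAMPLE = """\
TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1
#TLSCipherSuite +AES-128-CBC
TLSCipherSuite +AES-256-CBC;+SHA1
TLSCipherSuite AES-256-CBC:+SHA1
TLSCipherSuite +AES-256-CBC:+SHA1
"""

if __name__ == "__main__":
    for n, value, problems in lint_slapd_conf(SAMPLE):
        print(f"line {n}: {value}: {'; '.join(problems) or 'ok'}")
```

The lint checks syntax only; as the message notes, a syntactically valid list can still name algorithms that do not form any valid suite.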