
(ITS#7352) openldap not supporting CAMELLIA ciphers



Full_Name: Swati
Version: 2.4.32
OS: RHEL5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (115.113.153.34)


OpenLDAP is not supporting CAMELLIA-based ciphers (both RSA- and DSA-based).
I have configured SSL LDAP (LDAPS), and checking the SSL connection to the LDAPS
server with a CAMELLIA-based cipher leads to a failure in the handshake:

openssl s_client -connect localhost:636 -showcerts -cipher DHE-DSS-CAMELLIA256-SHA -state -CAfile /path_to_cert -cert /path_to_client_cert -key /path_to_client_key
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
47726707455072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 102 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Handshake is failing with all camellia ciphers.