
Re: SSL3_READ_BYTES:sslv3 alert handshake failure



Try adding a corresponding TLSCipherSuite entry to ldap.conf.

\\Greg


JOYDEEP wrote:
Dear list,

Now *ldapsearch -x -ZZ* is working, but again I have a problem when
demanding a certificate from the host. The error is

========================
ldap_perror
ldap_start_tls: Connect error (-11)
        additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
======================================================================

Here is my slapd.conf section of TLS
-----------------------------------------------
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile            /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
TLSCACertificateFile         /etc/openldap/myca/cacert.pem
TLSVerifyClient  demand
----------------------------------------------------

Here is my ldap.conf
------------------------------------------------
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_CERT   /etc/openldap/myca/servercert.pem
TLS_KEY    /etc/openldap/myca/serverkey.pem
TLS_REQCERT allow
---------------------------------------------------------

Please note I have a self-signed certificate.

Thanks
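
An added example, not part of the original thread or of OpenLDAP: a Python check that reads the two TLS sections posted above and lists client/server mismatches that matter when slapd has TLSVerifyClient demand. It assumes the posted ldap.conf is the system-wide file (the system_wide flag); parse and check are illustrative names. ldap.conf(5) spells the client cipher option TLS_CIPHER_SUITE and documents TLS_CERT and TLS_KEY as user-only options.

```python
# Constructed from the two config sections quoted in the post above.
SLAPD_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile            /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
TLSCACertificateFile         /etc/openldap/myca/cacert.pem
TLSVerifyClient  demand
"""
LDAP_CONF = """\
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_CERT   /etc/openldap/myca/servercert.pem
TLS_KEY    /etc/openldap/myca/serverkey.pem
TLS_REQCERT allow
"""
# ldap.conf(5) marks these "user-only": read from ~/.ldaprc or LDAPTLS_CERT /
# LDAPTLS_KEY, ignored when they appear in the system-wide ldap.conf.
USER_ONLY = ("TLS_CERT", "TLS_KEY")


def parse(text):
    """Map upper-cased keyword -> value, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def check(slapd_text, ldap_text, system_wide=True):
    """Return findings; system_wide=True assumes ldap.conf is the global file."""
    server, client = parse(slapd_text), parse(ldap_text)
    findings = []
    if server.get("TLSVERIFYCLIENT", "never").lower() in ("demand", "hard", "true"):
        for opt in USER_ONLY:
            if opt not in client:
                findings.append(f"{opt}: not set, but slapd demands a client certificate")
            elif system_wide:
                findings.append(f"{opt}: user-only option, ignored in system-wide ldap.conf")
    if "TLSCIPHERSUITE" in server and "TLS_CIPHER_SUITE" not in client:
        findings.append("TLS_CIPHER_SUITE: not set on the client, slapd restricts ciphers")
    if client.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("TLS_REQCERT: server certificate is not strictly validated")
    return findings


if __name__ == "__main__":
    for finding in check(SLAPD_CONF, LDAP_CONF):
        print(finding)
```

Run against a per-user ~/.ldaprc by passing system_wide=False, in which case the TLS_CERT and TLS_KEY lines are accepted as written.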