[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLSCipherSuite crashes slapd

To: "John G. Heim" <jheim@math.wisc.edu>
Subject: Re: TLSCipherSuite crashes slapd
From: Mathias Gug <mathiaz@ubuntu.com>
Date: Wed, 11 Mar 2009 19:23:41 -0400
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <A3C10B86D27348AF8F78230BF9FB5FF5@math.wisc.edu>
References: <A3C10B86D27348AF8F78230BF9FB5FF5@math.wisc.edu>
User-agent: Mutt/1.5.18 (2008-05-17)

Hi John,

On Wed, Mar 11, 2009 at 03:47:19PM -0500, John G. Heim wrote:
> The production server is 
> running the debian etch version of slapd, 2.3.30 and the test server is 
> running lenny's slapd, 2.4.11. One line that I had to comment out was
>
> #TLSCipherSuite          HIGH:MEDIUM
>
> I also tried this (which is supposed to be the default):
>
> #TLSCipherSuite          ALL:!ADH
>
> If I uncomment either of those lines, slapd will not start.   What really 
> puzzles me is that the second line is supposed to be the default and even 
> that doesn't work. If I leave them commented out, slapd starts and I can  
> query the database via ldapsearch specifying the -ZZ option or by 
> specifying ldaps.

One notable change between etch and lenny is that the lenny is compiled
against GNUTLS by default while etch uses OpenSSL. You may have to
update the TLSCipherSuite option to follow GNUTLS configuration.

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

References:
- TLSCipherSuite crashes slapd
  - From: "John G. Heim" <jheim@math.wisc.edu>

Prev by Date: Re: delta-syncrepl missing changes
Next by Date: Re: solaris compile options
Index(es):
- Chronological
- Thread