
ITS#4354 syncrepl over sasl external tls fails



This looks like an unforeseen side-effect of the ITS#4017 fix that went 
into 2.3.12. Now that we support the Diffie-Hellman handshakes, you will 
get the Anonymous Diffie-Hellman (ADH) exchanges when you enable HIGH in 
your cipher suites. In ADH no certificates are exchanged, so any attempt 
to use them (e.g., SASL EXTERNAL) will fail. You need to add "!ADH" to 
your cipher suite specification to prevent this problem from occurring.

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
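
The following is an added example, not part of the original message and not OpenLDAP code: a shell check that flags a `TLSCipherSuite` (slapd.conf) or `olcTLSCipherSuite` (cn=config) value that selects HIGH without the "!ADH" exclusion described above. The function names are hypothetical, the sample config is constructed, and treating `ALL`, `ADH`, `aNULL` and `!aNULL` the same way is a generalization beyond the message based on OpenSSL's cipher list keywords.

```shell
#!/bin/sh
# Added example. Token-level check of an OpenSSL cipher list as used by
# OpenLDAP's TLSCipherSuite / olcTLSCipherSuite settings.

# Returns 1 when the list selects a group containing anonymous DH suites
# (HIGH, ALL, ADH, aNULL) without a permanent "!ADH" or "!aNULL" exclusion.
# "-ADH" is not accepted, since a later token can add the suites back.
check_cipher_spec() {
    # OpenSSL separates list items with ':', ',' or whitespace.
    norm=":$(printf '%s' "$1" | tr ', \t' ':::'):"
    case $norm in
        *':!ADH:'* | *':!aNULL:'*) return 0 ;;
    esac
    case $norm in
        *':HIGH:'* | *':ALL:'* | *':ADH:'* | *':aNULL:'*) return 1 ;;
    esac
    return 0
}

# Scans a config file ($1) and reports every cipher suite line that can
# still negotiate anonymous DH. Returns 1 if at least one was found.
audit_slapd_tls() {
    tab=$(printf '\t')
    status=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            "TLSCipherSuite "* | "TLSCipherSuite$tab"*) spec=${line#TLSCipherSuite} ;;
            "olcTLSCipherSuite:"*) spec=${line#olcTLSCipherSuite:} ;;
            *) continue ;;
        esac
        if ! check_cipher_spec "$spec"; then
            echo "$1:$lineno: anonymous DH not excluded:$spec"
            status=1
        fi
    done < "$1"
    return "$status"
}

# Constructed sample input, not taken from the original message.
sample=$(mktemp)
printf '%s\n' 'TLSVerifyClient demand' 'TLSCipherSuite HIGH:MEDIUM' > "$sample"
audit_slapd_tls "$sample" || echo "fix: append :!ADH to the cipher list"
rm -f "$sample"
```

The check is deliberately conservative: it reads tokens only and does not expand the list through OpenSSL, so `openssl ciphers -v` on the target host remains the authoritative view of what a given string enables.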