[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6251) GnuTLS cipher suite failure

quanah@zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.17
> OS: Linux 2.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256
> OpenLDAP+gnutls worked fine for me for more than a year, but now I have
> TLS problems again. It started on my unstable client when libnss-ldap
> reported:
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
> Then I upgraded gnutls and ldap on my server from lenny to unstable and
> now even slapd doesn't start:
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
> main: TLS init def ctx failed: -1
> If I comment out line which defines cipher:
> TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1
> it works again.
> $ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
> TLS_RSA_AES_256_CBC_SHA1     0x00, 0x35      SSL3.0
> ...so I don't see why it shouldn't work.

This appears to be caused by our switch to using GnuTLS's cipher suite parsing 
functions in 2.4.14 (due to ITS#5887). The syntax that GnuTLS uses is quite 
different from what we were using in 2.4.13 and earlier. Also, the GnuTLS 
documentation on their format is misleading and just plain wrong on several 

We can treat this as an OpenLDAP doc bug, or we can revert to the pre-ITS#5887 
behavior, which still works as expected. (But then we will be incompatible 
with the behavior described in the current GnuTLS documentation. But of 
course, the doc is wrong anyway.)

For reference, the GnuTLS doc says you can list suite names in a semicolon 
separated list, and they may optionally be prefixed with "+" or "-" to add or 
remove particular elements from the list.

In fact, the list must be colon separated, and the "+" is required. Just 
listing the name will cause an error. Also, the actual suite names cannot be 
used, only the individual algorithm names are recognized. So instead of the 
suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1". 
This method is more error-prone, because it makes it possible to specify a 
list of algorithms that do not conform to any valid suite.

All in all, it may be best to revert back to using our own suite parser and 
ignore the one GnuTLS provides.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/