[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7349) openldap not supporting CAMELLIA ciphers

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7349) openldap not supporting CAMELLIA ciphers
From: hyc@symas.com
Date: Thu, 9 Aug 2012 13:55:02 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

goodgoingswati@gmail.com wrote:
> Full_Name: Swati
> Version: 2.4.32
> OS: RHEL5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (115.113.153.34)
> 
> 
> openldap is not supporting CAMELLIA based ciphers(both RSA and DSA based)
> I have configured SSL LDAP(LDAPS) and on checking SSL connection with LDAPS
> server with CAMELLIA based cipher leads to failure in handshake:

OpenLDAP doesn't implement any ciphers at all; the ciphers are provided by
whichever TLS implementation you're using. Closing this ITS.
> 
> openssl s_client -connect localhost:636 -showcerts -cipher
> DHE-DSS-CAMELLIA256-SHA -state -CAfile /path_to_cert -cert /path_to_client_cert
> -key /path_to_client_key
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL3 alert read:fatal:handshake failure
> SSL_connect:error in SSLv2/v3 read server hello A
> 47726707455072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:741:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 102 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> 
> Handshake is failing with all camellia ciphers.
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#7349) openldap not supporting CAMELLIA ciphers
Next by Date: (ITS#7350) aclparse.c acl_unparse() attrval empty DN
Index(es):
- Chronological
- Thread