[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7349) openldap not supporting CAMELLIA ciphers
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7349) openldap not supporting CAMELLIA ciphers
- From: hyc@symas.com
- Date: Thu, 9 Aug 2012 13:55:02 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
goodgoingswati@gmail.com wrote:
> Full_Name: Swati
> Version: 2.4.32
> OS: RHEL5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (115.113.153.34)
>
>
> openldap is not supporting CAMELLIA based ciphers(both RSA and DSA based)
> I have configured SSL LDAP(LDAPS) and on checking SSL connection with LDAPS
> server with CAMELLIA based cipher leads to failure in handshake:
OpenLDAP doesn't implement any ciphers at all; the ciphers are provided by
whichever TLS implementation you're using. Closing this ITS.
>
> openssl s_client -connect localhost:636 -showcerts -cipher
> DHE-DSS-CAMELLIA256-SHA -state -CAfile /path_to_cert -cert /path_to_client_cert
> -key /path_to_client_key
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL3 alert read:fatal:handshake failure
> SSL_connect:error in SSLv2/v3 read server hello A
> 47726707455072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:741:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 102 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
>
> Handshake is failing with all camellia ciphers.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/