[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re:Re: (ITS#8924) Installed openldap2.4.46 and openssl1.1.1, the client and server still used TLS1.2 to negotiated



--On Sunday, October 14, 2018 10:03 PM +0800 =E8=8E=AB=E4=BA=9A=E7=94=B7 =
<nanmor@126.com>=20
wrote:

> Run ' ldd /usr/local/openldap.2.4.46/bin/ldapsearch' in Redhat, result:
>         linux-vdso.so.1 =3D>  (0x00007ffd959d6000)
>         libsasl2.so.3 =3D> /lib64/libsasl2.so.3 (0x00007fae80012000)
>         libssl.so.10 =3D> /lib64/libssl.so.10 (0x00007fae7fd9f000)
>         libcrypto.so.10 =3D> /lib64/libcrypto.so.10

Your Redhat build is linked to the system OpenSSL 1.0.2k release.  This=20
clearly won't support TLS 1.3.

lrwxrwxrwx 1 root root     16 Jun 19 14:00 libssl.so.10 -> libssl.so.1.0.2k


Closing this ITS as invalid.  I suggest fixing your build process on your=20
RedHat box to link to the correct OpenSSL build.  It appears you have the=20
RH openssl development package installed, which is why you're encountering=20
various issues.  However, none of this is related to OpenLDAP itself, which =

as I've already noted, behaves correctly when all sides (client & server)=20
are linked to OpenSSL 1.1.1.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>