
Re: trying to get tls working



charlie derr wrote:
> 
> Thank you.
> 
> /usr/local/libexec/slapd -d 1 -h "ldap:/// ldaps:///"
> @(#) $OpenLDAP: slapd 2.X (Mon Aug 27 16:03:39 EDT 2001) $
>         root@cderr:/src/openldap-2.0.11/cvs/ldap/servers/slapd
> daemon_init: listen on ldap:///
> daemon_init: listen on ldaps:///
> daemon_init: 2 listeners to open...
> ldap_url_parse_ext(ldap:///)
> daemon: socket() failed errno=97 (Address family not supported by
> protocol)
> daemon: initialized ldap:///
> ldap_url_parse_ext(ldaps:///)
> daemon: socket() failed errno=97 (Address family not supported by
> protocol)
> daemon: initialized ldaps:///
> daemon_init: 2 listeners opened
> slapd init: initiated server.
> slap_sasl_init: initialized!
> slapd startup: initiated.
> slapd starting
> 
> and then when I try to connect w/gq I get:
> 
> ldap_pvt_gethostbyname_a: host=cderr, r=0
> connection_get(16): got connid=0
> connection_read(16): checking for input on id=0
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
> TLS: can't accept.
> TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> s23_srvr.c:565
> connection_read(16): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=16 for close
> connection_close: conn=0 sd=16
> 
> Thank you for any and all suggestions as to what I should change to get
> TLS successfully working,
>         ~c

I got that message and after a bit of snooping/debugging I changed the
TLSCipherSuite line in slapd.conf to ...

TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA

-- 
Dave
--
Dave Lewney
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956