
Selecting TLS Cipher problem



I am trying to limit the cipher list for TLS negotiations, but I don't
seem to be able to do this.....

... output from -d -1....
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5.
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
</-d -1 snip>

Here is all of my TLS data from my slapd.conf
# SSL
TLSCertificateFile /etc/ldap/certificate.pem
TLSCertificateKeyFile /etc/ldap/private.key
TLSCipherSuite  !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5
</slapd.conf snip>

OpenLDAP 2.4.7-5 on Debian x86 installed from apt

What did I do wrong?  I would swear the cipher list is good, but....
Pat