no shared cipher error
- To: <openldap-software@openldap.org>
- Subject: no shared cipher error
- From: <Josh.Mullis@cox.com>
- Date: Mon, 7 Dec 2009 09:25:34 -0500
Good day all,
I am getting the following error on an OpenLDAP v2.3 server when attempting communication from an LDAP client...
------------------------
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:974
------------------------
I only get this when connecting to the OpenLDAP server from a client.
I do not get this error when I use the openssl client / server commands method.
Output below....
Thanks for any help.
-Josh
-----------------------------------------------------
openssl s_server -accept 1982 -cert /etc/openldap/cacerts/servercrt.pem -key /etc/openldap/cacerts/serverkey.pem
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
--hidden-text--
--hidden-text--
--hidden-text--
-----END SSL SESSION PARAMETERS-----
Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is DHE-RSA-AES256-SHA
------------------------------------------------------
-------------------------------------------------------------------
openssl s_client -connect ldapurl.example.com:1982 -CAfile /path/to/cacert
CONNECTED(00000003)
depth=1 --hidden-text--
verify return:1
depth=0 --hidden-text--
verify return:1
---
Certificate chain
0 s:/--hidden-text--
i:/--hidden-text--
---
Server certificate
-----BEGIN CERTIFICATE-----
--hidden-text--
--hidden-text--
--hidden-text--
--hidden-text--
-----END CERTIFICATE-----
subject=/--hidden-text--
issuer=/--hidden-text--
---
No client certificate CA names sent
---
SSL handshake has read 1250 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: --hidden-text--
Session-ID-ctx:
Master-Key: --hidden-text--
Key-Arg : None
Start Time: 1260195189
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
---------------------------------------------------------------------------------------------