
no shared cipher error




Good day all,


I am getting the following error on an OpenLDAP v2.3 server when attempting communication from an LDAP client...

------------------------
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:974
------------------------


I only get this when connecting to openldap server from a client.

I do not get this error when I use the openssl client / server commands method.
Output below....




Thanks for any help.
-Josh





-----------------------------------------------------
openssl s_server -accept 1982 -cert /etc/openldap/cacerts/servercrt.pem -key /etc/openldap/cacerts/serverkey.pem


ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
--hidden-text--
--hidden-text--
--hidden-text--
-----END SSL SESSION PARAMETERS-----
Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is DHE-RSA-AES256-SHA
------------------------------------------------------








-------------------------------------------------------------------
openssl s_client -connect ldapurl.example.com:1982 -CAfile /path/to/cacert



CONNECTED(00000003)
depth=1 --hidden-text--
verify return:1
depth=0 --hidden-text--
verify return:1
---
Certificate chain
 0 s:/--hidden-text--
   i:/--hidden-text--
---
Server certificate
-----BEGIN CERTIFICATE-----
--hidden-text--
--hidden-text--
--hidden-text--
--hidden-text--
-----END CERTIFICATE-----
subject=/--hidden-text--
issuer=/--hidden-text--
---
No client certificate CA names sent
---
SSL handshake has read 1250 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: --hidden-text--
    Session-ID-ctx: 
    Master-Key: --hidden-text--
    Key-Arg   : None
    Start Time: 1260195189
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---


---------------------------------------------------------------------------------------------