
Re: TLSVerifyClient => no login possible



Dieter Kluenter wrote:
> Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:
>
>   
>> Dieter Kluenter wrote:
>>     
>>> Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:
>>>       
> [...]
>   
>>> In order to find out run
>>> openssl ciphers SSLv2
>>> openssl ciphers HIGH
>>> openssl ciphers MEDIUM
>>>       
> [...]
>   
>> Hi Dieter,
>> I get the following output:
>>
>> lmvserver:~ #openssl ciphers SSLv2
>> DES-CBC3-MD5:DES-CBC-MD5:EXP-RC2-CBC-MD5:RC2-CBC-MD5:EXP-RC4-MD5:RC4-MD5
>>
>> lmvserver:~ # openssl ciphers MEDIUM
>> ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5
>>
>> lmvserver:~ # openssl ciphers HIGH
>> ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:ADH-CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5
>>
>> So I think this should work?! SSLv3 is also available. Is it better to
>> use "TLSCipherSuite HIGH:MEDIUM:+SSLv3"?
>>     
>
> Just try TLSCipherSuite HIGH
> If you see any failures try HIGH:MEDIUM
>
> -Dieter
>
>
>   
I tried it; here is the result:

with "TLSCipherSuite HIGH"

 Shutting down ldap-server                                             done
 Starting ldap-serverstartproc:  exit status of parent of
/usr/lib/openldap/slapd: 1
                                                                      failed

with "TLSCipherSuite HIGH:Medium"

 Shutting down ldap-server                                             done
 Starting ldap-serverstartproc:  exit status of parent of
/usr/lib/openldap/slapd: 1
                                                                      failed

-- 
With kind regards

Sebastian Reinhardt
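
The `openssl ciphers` expansions quoted above can be audited suite by suite before a cipher string goes into `TLSCipherSuite`. The following is an added example, not written by any poster in this thread: it labels each suite by the first weak property its name shows. The `HIGH` and `MEDIUM` lists are copied from the output quoted above; the function names and label names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the expansion of an OpenSSL cipher string.
# Sample data: the HIGH and MEDIUM expansions as quoted in the thread.
HIGH='ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:ADH-CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5'
MEDIUM='ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5'

# Label one suite name; the first matching pattern wins.
classify() {
    case "$1" in
        ADH-*|AECDH-*) echo anon ;;         # anonymous key exchange, no certificates
        EXP-*)         echo export ;;       # export-grade, deliberately short keys
        *-MD5)         echo md5 ;;          # MD5-based message authentication
        *RC4*|*RC2*)   echo weak-cipher ;;  # RC4 / RC2 bulk cipher
        *DES-CBC-*)    echo weak-cipher ;;  # single DES (DES-CBC3 is not matched)
        *)             echo unflagged ;;    # nothing flagged by the rules above
    esac
}

# Print "label suite" for every entry of a colon-separated cipher list.
audit() {
    old_ifs=$IFS
    IFS=:
    for suite in $1; do
        printf '%s %s\n' "$(classify "$suite")" "$suite"
    done
    IFS=$old_ifs
}

# Count the suites in list $2 that carry label $1.
count() {
    audit "$2" | awk -v label="$1" '$1 == label { n++ } END { print n + 0 }'
}

# Report for the two lists: totals per label, then the flagged HIGH suites.
for name in HIGH MEDIUM; do
    eval "list=\$$name"
    for label in anon export md5 weak-cipher unflagged; do
        printf '%-7s %-12s %s\n' "$name" "$label" "$(count "$label" "$list")"
    done
done
audit "$HIGH" | awk '$1 != "unflagged"'
```

Suites labelled `anon` use no certificate at all, which matters when the server is also expected to verify client certificates; in OpenSSL cipher-string syntax `!aNULL` excludes them.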