
handshake failure / SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr


This has been driving me crazy for about two days:

I have two virtual Red Hat EL 5.4 servers in a test environment. One
should be an openldap master, the second should be an openldap slave.

openssl-0.9.8e-12.el5_4.1, openldap-2.3.43-3.el5 (RH EL original rpms)

I followed some instructions to set up TLS: set up a CA, generate/sign
certificates and keys, install them on the servers, configure
openldap, restart.

My problem is: tls works on the master (which also is my CA for the
test), but not on the slave.

I've "openssl verify"ed and "openssl x509 -text"ed the certs -
everything seems OK.

I've checked IP addresses, name resolution, locations, paths,
permissions, file versions - anything I can think of.

I've regenerated the key and cert for the slave following another
documentation (at least with the same steps), but I always get the same:

from the ldap server debug:

TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
connection_read(13): TLS accept failure error=-1 id=0, closing

from the ldap client debug:

TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect.
ldap_start_tls: Connect error (-11)
	additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Maybe I missed a step or skipped something ...

A thousand kowtows for any helpful hint...!!

Best regards,

Götz Reinicke

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg

Registered at the Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board:
Prof. Dr. Claudia Hübner

Prof. Thomas Schadt
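The two OpenSSL error codes quoted in the mail can be decoded mechanically, which tells you which side actually refused the handshake before you start re-issuing certificates. The script below is an added example, not code from the original post or from the OpenLDAP project: it splits an OpenSSL error code into its library, function and reason fields, recognises the alert-derived reasons (1000 plus the TLS alert number), and checks whether a server certificate and private key load together the way slapd would need them to. The log text is the post's own server and client output, embedded as a constructed sample (the wrapped client line is joined back together); the alert names come from the TLS AlertDescription registry. Reading the result the way the post's two logs read: the server reports a local "no shared cipher" while processing the ClientHello, and the client merely reports the alert 40 the server sent back, so the server side is where the diagnosis belongs.

```python
"""Decode OpenSSL error codes and TLS alerts in slapd / ldapsearch debug output.

Added example, not code from the original mail. SAMPLE_LOG is constructed from
the lines quoted in the post; alert names are taken from RFC 5246.
"""
import re
import ssl

# OpenSSL packs lib (8 bits), function (12 bits) and reason (12 bits) into one code.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)")

# Reason codes >= 1000 are "alert received from the peer": 1000 + TLS alert number.
ALERT_REASON_OFFSET = 1000
TLS_ALERT_NAMES = {
    40: "handshake_failure",
    42: "bad_certificate",
    46: "certificate_unknown",
    48: "unknown_ca",
    51: "decrypt_error",
    70: "protocol_version",
}


def decode_openssl_error(code_hex):
    """Split an 8-hex-digit OpenSSL error code into (lib, func, reason) numbers."""
    code = int(code_hex, 16)
    return code >> 24, (code >> 12) & 0xFFF, code & 0xFFF


def parse_tls_errors(log_text):
    """Return one dict per 'error:XXXXXXXX:lib:func:reason' occurrence in the log."""
    entries = []
    for match in ERR_RE.finditer(log_text):
        code_hex, lib_name, func_name, reason_text = match.groups()
        lib, func, reason = decode_openssl_error(code_hex)
        alert = reason - ALERT_REASON_OFFSET if reason >= ALERT_REASON_OFFSET else None
        entries.append({
            "code": code_hex.upper(),
            "lib": lib, "lib_name": lib_name,
            "func": func, "func_name": func_name,
            "reason": reason, "reason_text": reason_text.strip(),
            "alert": alert,
            "alert_name": TLS_ALERT_NAMES.get(alert) if alert is not None else None,
        })
    return entries


def side_of(entry):
    """A reason below 1000 is this peer's own failure; an alert reason means the
    other side rejected the handshake and this peer is only reporting the alert."""
    return "remote alert" if entry["alert"] is not None else "local error"


def cert_key_pair_loads(certfile, keyfile):
    """Does the cert/key pair load as a server identity? load_cert_chain raises
    when the key does not match the certificate or a file cannot be read."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile, keyfile)
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)
    return True, "certificate and private key load together"


# Constructed sample: the server and client lines quoted in the mail (client line unwrapped).
SAMPLE_LOG = """\
TLS trace: SSL3 alert write:fatal:handshake failure
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
connection_read(13): TLS accept failure error=-1 id=0, closing
TLS trace: SSL3 alert read:fatal:handshake failure
ldap_start_tls: Connect error (-11)
\tadditional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
"""

if __name__ == "__main__":
    for e in parse_tls_errors(SAMPLE_LOG):
        where = f" (TLS alert {e['alert']} {e['alert_name']})" if e["alert"] is not None else ""
        print(f"{e['code']}: {side_of(e)} in {e['func_name']}: {e['reason_text']}{where}")
```

Run it with no arguments to decode the post's lines; to use `cert_key_pair_loads` on a real host, point it at the certificate and key files named in slapd.conf and run it as the user slapd runs as, since a key that root can read but the ldap user cannot fails the same way a mismatched key does.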