[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS negotiation failed on ldaps:// - sslv3 alert bad record mac

--On Tuesday, August 19, 2014 1:50 PM +0200 Oriol Rosa Ramoneda <orosa@bcn.sia.es> wrote:


We are facing an issue in one of our openldap environments, while
enabling secure queries via ldaps://  our integration environment keeps
returning the following error to out ldapsearch command:
SSL3_READ_BYTES:sslv3 alert bad record mac

while the same command pointing to our production environment connects
correctly and returns matching entries.

Both run under the following versions:
     Red Hat Enterprise Linux Server release 6.2 (Santiago)
     OpenLDAP: slapd 2.4.23
     OpenSSL 1.0.0-fips

2.4.23 is over 4 years old. In addition, the build supplied by RHEL if that's what you're using) is linked to NSS, not OpenSSL, and has a number of RHEL specific problems. I'd strongly advise upgrading to a current release and an OpenSSL linked OpenLDAP.

I would also note there were series kernel issues in the 6.2 patch level (At Zimbra, we require patch level 4 or later due to various issues with RHEL6 at the previous levels).



Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra ::  the leader in open source messaging and collaboration