
Re: Redhat LDAP Client Issues when disabling SSLv3



>>> Peter Boguszewski <pboguszewski@library.wisc.edu> wrote on 22.10.2014 at
23:08 in message <54481CBA.2080400@library.wisc.edu>:
> I am running into issues on RHEL 6.x servers (mix of 6.5 and now 6.6) 
> when attempting to disable SSLv3.  I have compiled the servers with the 
> --with-tls=openssl option and communication appears to be working well 
> between servers no matter what I have for SSL Protocol.  My problems are 
> with the clients.
> 
> For client configuration I install the openldap-clients package via yum 
> install.  Everything works as expected with this setting on the server side:
> 
> olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2
> 
> as soon as I modify the +SSLv3 to -SSLv3 to this:
> 
> olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2
> 
> the client no longer works.  I have tried just about everything I can 

Some (older) openssl versions have this feature:

   List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS)

So you may disable TLS when trying to disable SSLv3, I guess.

Regards,
Ulrich
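
An added illustration, not part of the original thread: the sketch below asks the local OpenSSL (through Python's ssl module) which suites a `-SSLv3` cipher filter removes, and shows that a protocol floor leaves those same suites in place. The cipher strings `HIGH` and `HIGH:-SSLv3` are simplified stand-ins for the olcTLSCipherSuite values quoted above, and the protocol labels are assumed to be those reported by OpenSSL 1.1.0 or later.

```python
import ssl


def suites(cipher_string, min_version=None):
    """Return {suite name: OpenSSL protocol label} for a client context.

    The label is the protocol version in which the suite was first defined,
    not the protocol version a connection would negotiate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if min_version is not None:
        # Protocol floor: restricts the handshake version, not the suite list.
        ctx.minimum_version = min_version
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def removed_by_filter(base, filtered):
    """Suites offered under `base` that disappear under `filtered`."""
    before, after = suites(base), suites(filtered)
    return {name: label for name, label in before.items() if name not in after}


if __name__ == "__main__":
    # Simplified cipher strings (assumption), modelled on the thread's config.
    lost = removed_by_filter("HIGH", "HIGH:-SSLv3")
    print("Suites removed by -SSLv3:")
    for name, label in sorted(lost.items()):
        print(f"  {name:32} {label}")

    # The same suites are still offered when only the protocol is restricted.
    floor = suites("HIGH", ssl.TLSVersion.TLSv1_2)
    kept = sorted(n for n in lost if n in floor)
    print(f"{len(kept)} of those suites remain usable with a TLS 1.2 floor")
```

A client whose TLS stack can only negotiate suites from the removed set has nothing in common with a server configured this way, even though neither side is asking for the SSLv3 protocol.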