7094 – slapd ciphersuite TLS_RSA_3DES_EDE_CBC_SHA1 not usable with GnuTLS

Issue 7094 - slapd ciphersuite TLS_RSA_3DES_EDE_CBC_SHA1 not usable with GnuTLS

Summary: slapd ciphersuite TLS_RSA_3DES_EDE_CBC_SHA1 not usable with GnuTLS

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	2.4.23
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-11-23 03:51 UTC by Quanah Gibson-Mount
Modified:	2015-07-25 01:12 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Quanah Gibson-Mount 2011-11-23 03:51:19 UTC

Full_Name: Quanah Gibson-Mount
Version: 2.4.23
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.108.184.39)


As reported in the debian bug tracker at:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648056

If slapd is set to use the TLS_RSA_3DES_EDE_CBC_SHA1 cipher suite, it fails to
start up, even though gnuTLS reports it as supported.

Comment 1 Ryan Tandy 2014-08-18 03:44:44 UTC

I would consider this a duplicate of ITS#6251. More confusion about the 
gnutls cipher suite parsing changes. Setting

olcTLSCipherSuite: +RSA:+3DES-CBC:+SHA1

works for me, with the Debian 2.4.23 package this was reported against.

thanks,
Ryan

Comment 2 OpenLDAP project 2015-07-25 01:12:24 UTC

same as ITS#6251

Comment 3 Ryan Tandy 2015-07-25 01:12:24 UTC

changed notes
changed state Open to Closed