[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLS_REQCERT and no server certificate
- To: Jan Synacek <jsynacek@redhat.com>
- Subject: Re: TLS_REQCERT and no server certificate
- From: Philip Guenther <guenther+ldaptech@sendmail.com>
- Date: Tue, 12 Nov 2013 07:37:54 -0800
- Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Dkim-filter: OpenDKIM Filter v2.7.5 spork.sendmail.com rACFbswB004006
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sendmail.com; s=tls.dkim; t=1384270680; bh=x2niBWTenFE/AuVEmlavLMm/9pnlxpg+n8zZ9vkCbt8=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=eiujRTlm2Df0m2FBsS/GP+h/pBhiljL62XaxYv272CggobcCCHrhy6V+xWSHqj5iy OH1w/MKi70Y8giVKdN4KP1FHjLmGLWyYCHdPsaFUDBp18y5qbmUHBTdhbThBCgAyAd T4X0to4oPp7pgYSzOkcTM0pGDYhihnoPMcjvJ8w8=
- In-reply-to: <5282041F.20801@redhat.com>
- References: <5282041F.20801@redhat.com>
- User-agent: Alpine 2.11 (BSO 23 2013-08-11)
On Tue, 12 Nov 2013, Jan Synacek wrote:
> quoting ldap.conf(5):
>
> TLS_REQCERT <level>
> ...
> try The server certificate is requested. If no certificate is
> provided, the session proceeds normally. If a bad certificate is
> provided, the session is immediately terminated.
> ...
Yeah, that text is bogus. At least with OpenLDAP 2.4.37 and OpenSSL
version 1.0.1c and earlier, 'TLS_REQCERT try' is exactly the same as
'TLS_REQCERT demand'. The only difference in the OpenLDAP source is that
'demand' sets the SSL_VERIFY_FAIL_IF_NO_PEER_CERT option...which is
documented by OpenSSL as having NO EFFECT on the SSL client side, which
can be confirmed in the OpenSSL source.
(c.f. ITS #4941 for when I tried to get this text fixed. Closed with no
changes.)
> I'd like to try the "If no certificate is provided" part, but can't
> manage to do so.
Almost all TLS cipher suites, including the most deployed ones, require
the server to have a certificate, period. If you look at the output of
"openssl ciphers -v", the ciphers which have an 'Au' field of RSA, DSS,
ECDH, or ECDSA can only be used if the server has a certificate of the
indicated type.
So if you rule those out, you end up with basically three choices:
1) "Au=None": the anonymous ciphers. Possible, but they are trivially
subject to Man-in-the-Middle attacks, so TLS implementations disable
them by default.
(In theory they can be used securely via a channel-binding in a SASL
layer which supports integrity protections, but I haven't seen anyone
on list saying they've actually got that working. I lost track of
where the SASL bits stand on that after there was confusion on the IETF
mailing lists about what the protocols actually required. <sigh>)
2) "Au=PSK": pre-shared keys. Looks like these require a callback to
be configured on the server, but code to do that hasn't been added to
OpenLDAP. Good luck finding a client that would be able to use it.
3) "Au=SOMETHING_ELSE": something unusual like a Kerberos cipher suite.
Again, those require C code changes to enable their use, as well as
whatever infrastructure is behind them, which you didn't mention so
I'll assume you don't have.
So, right now, which one of those were you planning on using?
Philip Guenther