
Re: (ITS#6251) GnuTLS cipher suite failure



Hi,

I am having this issue, but setting the cipher suite to
+RSA:+AES-256-CBC:+SHA1 doesn't fix the problem.

slapd.conf:
TLSCipherSuite +RSA:+AES-256-CBC:+SHA1
TLSCACertificateFile /etc/ldap/ssl/cacert.pem
TLSCertificateFile /etc/ldap/ssl/cert.pem
TLSCertificateKeyFile /etc/ldap/ssl/key.pem

Debug log of slapd:
tchingRuleUse: ... supportedFeatures $ supportedApplicationContext ) )
TLS: could not set cipher list +RSA:+AES-256-CBC:+SHA1.
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.

Output of "gnutls-cli -l":
...
TLS_RSA_EXPORT_ARCFOUR_40_MD5                           0x00, 0x03 SSL 3.0
TLS_RSA_ARCFOUR_SHA1                                    0x00, 0x05 SSL 3.0
TLS_RSA_ARCFOUR_MD5                                     0x00, 0x04 SSL 3.0
TLS_RSA_3DES_EDE_CBC_SHA1                               0x00, 0x0a SSL 3.0
TLS_RSA_AES_128_CBC_SHA1                                0x00, 0x2f SSL 3.0
TLS_RSA_AES_256_CBC_SHA1                                0x00, 0x35 SSL 3.0
Certificate types: X.509, OPENPGP
Protocols: SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Ciphers: AES 256 CBC, AES 128 CBC, 3DES 168 CBC, DES CBC, ARCFOUR 128, ARCFOUR 40, RC2 40, NULL
MACs: SHA, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL
Key exchange algorithms: Anon DH, RSA, RSA EXPORT, DHE RSA, DHE DSS, SRP DSS, SRP RSA, SRP, PSK, DHE PSK
Compression: LZO, DEFLATE, NULL


-- 
Kent Tong
SME accounting software package for just MOP30.
See 
http://www.cpttm.org.mo/index_c.php?pg=cpttm/department/is/ispu/accsys/index.htm 
for more.