changed the port. I've been looking at the thing too long.
Using s_client to connect to openldap does not produce an SSL error. But
using ldapsearch to connect to s_server produces the following...
# openssl s_server -accept 636 -cert /etc/openldap/slapd.pem
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMBBAIAFgQgVLGdE+ShwXCpmz6qBiRuaRvmBHxx/loIW0BzzmYGKpME
MEgHZypDjBRwkbk4p1KETYRhlP2DmHGEH9e7+2f6hKzrAQjMevTowgZA+Q+dGrCW
aKEGAgQ80JRYogQCAgEspAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is EDH-RSA-DES-CBC3-SHA
ERROR
shutting down SSL
CONNECTION CLOSED
The ldapsearch command is...
$ ldapsearch -x -H ldaps://bashful.eng.fit.edu/ -b 'dc=my-domain,dc=com' '(objectclass=*)'
Does that mean that the problem is with ldapsearch?
--Kervin
Howard Chu wrote:
-----Original Message-----
From: Kervin L. Pierre [mailto:kervin@blueprint-tech.com]
With s_client connecting to s_server, everything looks fine. There
are no errors reported. When I try to connect to the OpenLDAP server
using s_client I get...
$ openssl s_client -connect bashful.eng.fit.edu:389
You're using the cleartext port, you should be using 636 here.
CONNECTED(00000003)
26420:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
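As an added example (not code from this thread, from OpenLDAP or from OpenSSL): a small Python script that reads the two kinds of output quoted above, an `openssl s_server` transcript and an `openssl s_client` error line, and reports how far the handshake got. The sample transcripts are copied from the messages above; the stage classification rules and the weak-cipher test are general OpenSSL 0.9.x knowledge that I am assuming here, not a conclusion the thread itself reaches. Two points it makes visible that the raw output does not: the s_server side printed a negotiated cipher before `ERROR`, so that failure happened after cipher selection rather than being a protocol or cipher mismatch, and most of the shared cipher list consists of export-grade, RC4 and single-DES suites.

```python
import re

# Constructed sample inputs, copied from the thread above. The parser only
# needs the marker lines; the session-parameter block is carried along as-is.
S_SERVER_TRANSCRIPT = """\
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMBBAIAFgQgVLGdE+ShwXCpmz6qBiRuaRvmBHxx/loIW0BzzmYGKpME
MEgHZypDjBRwkbk4p1KETYRhlP2DmHGEH9e7+2f6hKzrAQjMevTowgZA+Q+dGrCW
aKEGAgQ80JRYogQCAgEspAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared
ciphers:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is EDH-RSA-DES-CBC3-SHA
ERROR
shutting down SSL
CONNECTION CLOSED
"""

S_CLIENT_OUTPUT = """\
CONNECTED(00000003)
26420:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
"""

# OpenSSL's classic error line: pid:error:code:library:function:reason:file:line:
OPENSSL_ERR_RE = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*)"
    r":(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)


def parse_openssl_error(line):
    """Split one OpenSSL error line into its fields, or return None."""
    m = OPENSSL_ERR_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["line"] = int(fields["line"])
    return fields


def summarize_s_server(transcript):
    """Collect the handshake markers printed by `openssl s_server`."""
    # Mail clients wrap "Shared ciphers:" onto two lines; undo that first.
    text = re.sub(r"Shared\s+ciphers:", "Shared ciphers:", transcript)
    summary = {"accepted": False, "shared_ciphers": [], "negotiated_cipher": None,
               "error": False, "closed": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ACCEPT":
            summary["accepted"] = True
        elif line.startswith("Shared ciphers:"):
            summary["shared_ciphers"] = [c for c in line[len("Shared ciphers:"):].split(":") if c]
        elif line.startswith("CIPHER is "):
            summary["negotiated_cipher"] = line[len("CIPHER is "):].strip()
        elif line == "ERROR":
            summary["error"] = True
        elif line == "CONNECTION CLOSED":
            summary["closed"] = True
    return summary


def diagnose_s_server(summary):
    """Name the stage at which the server-side handshake stopped."""
    if not summary["accepted"]:
        return "no-accept"                # nothing reached the listener
    if summary["error"] and summary["negotiated_cipher"] is None:
        return "failed-before-cipher"     # version or cipher mismatch
    if summary["error"]:
        return "failed-after-cipher"      # key exchange / certificate stage, or client abort
    return "ok"


def diagnose_s_client(output):
    """Name the stage at which the client-side handshake stopped."""
    lines = output.splitlines()
    connected = any(l.startswith("CONNECTED(") for l in lines)
    errors = [e for e in (parse_openssl_error(l) for l in lines) if e]
    if not connected:
        return "tcp-connect-failed"
    # Assumption (OpenSSL 0.9.x): SSL23_* is the version-negotiation layer; a
    # handshake failure there, before any ServerHello, is what you see when the
    # peer never answers with a TLS record, e.g. a cleartext service on that port.
    if any(e["func"].startswith("SSL23_") and e["reason"] == "ssl handshake failure"
           for e in errors):
        return "no-tls-reply"
    return "tls-error" if errors else "ok"


def weak_ciphers(names):
    """Export-grade, RC4/RC2 and single-DES suites from a shared-cipher list."""
    return [n for n in names
            if n.startswith("EXP") or "RC4" in n or "RC2" in n or "DES-CBC-" in n]


if __name__ == "__main__":
    s = summarize_s_server(S_SERVER_TRANSCRIPT)
    print("s_server:", diagnose_s_server(s), "after negotiating", s["negotiated_cipher"])
    print("weak shared ciphers:", len(weak_ciphers(s["shared_ciphers"])), "of", len(s["shared_ciphers"]))
    print("s_client:", diagnose_s_client(S_CLIENT_OUTPUT))
```

Run it as-is to see the report for the two samples; to use it on your own session, paste a fresh `s_server` transcript or `s_client` output into the two constants. `"DES-CBC-"` deliberately does not match the 3DES names (`DES-CBC3-`), so only the three triple-DES suites from the list come back as not weak.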