[SSl/TLS + LDAP] Wrong version number, no shared cipher
Hello!
First of all, I have a Debian woody with openssl 0.9.7, openldap 2.1.23,
berkeleyDB 4.1.25.
I would like to use the SSL/TLS support with ldap.
Then I (re)installed openssl 0.9.7 (with the "shared" option):
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl no-krb5 shared => ok
make depend => ok
make => ok
make test => ok
make install => ok
After that I created the certificates
(http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html#4.0),
no problem, except for:
# /usr/share/ssl/misc/CA.sh -sign
configuration file routines : N_CONF_get_string : no value : conf_lib.c:328: group=CA_default name = unique_subject
I can create my certificates, and I verify them
(http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#verify):
they are ok...
After that, I try to use openssl s_server and openssl s_client __with no option__:
# openssl s_server -accept 1982 -cert /usr/local/openldap/var/openldap-data/servercert.pem -key /usr/local/openldap/var/openldap-data/serverkey.pem -debug -bugs
It works!
Protocol : TLSv1
Other test, __with the ssl2 option__:
# openssl s_server -accept 1982 -cert /usr/local/openldap/var/openldap-data/servercert.pem -key /usr/local/openldap/var/openldap-data/serverkey.pem -debug -bugs -ssl2
It works!
Protocol : SSLv2
Other test, __with the ssl3 option__:
# openssl s_server -accept 1982 -cert /usr/local/openldap/var/openldap-data/servercert.pem -key /usr/local/openldap/var/openldap-data/serverkey.pem -debug -bugs -ssl3
It DOESN'T work! :'( (for more than 3 weeks now)
The server says:
"SSL routines : SSL3_GET_RECORD : wrong version number:s3_pkt.c:297"
when I do:
# openssl s_client -connect svrldap.tzm.fr:1982 -CAfile /usr/local/openldap/var/openldap-data/cacert.pem -showcerts -state
Other test, __with the tls1 option__:
# openssl s_server -accept 1982 -cert /usr/local/openldap/var/openldap-data/servercert.pem -key /usr/local/openldap/var/openldap-data/serverkey.pem -debug -bugs -tls1
It DOESN'T work! :'(
The server says:
"SSL routines : SSL3_GET_RECORD : wrong version number:s3_pkt.c:297"
when I do:
# openssl s_client -connect svrldap.tzm.fr:1982 -CAfile /usr/local/openldap/var/openldap-data/cacert.pem -showcerts -state
So, I don't understand...
Why can't I use the tls1 option and the ssl3 option?
The default (no option in the s_server command) is TLSv1, so why, when I ask
for tls1 only, doesn't it work?
I tried something else:
I start my ldap server on the 2 ports (389 and 636).
test 1:
ldapsearch -x -b"dc=tzm_fr" -H 'ldap://svrldap.tzm.fr:389' => ok
test 2:
ldapsearch -x -b"dc=tzm_fr" -H 'ldap://svrldap.tzm.fr:389' -Z
DOESN'T work!
client : ldap_start_tls : connect error: handshake failure
ldap_bind : can't contact LDAP server : handshake failure
server : SSL routines : SSL3_GET_CLIENT_HELLO: no shared cipher
test 3:
ldapsearch -x -b"dc=tzm_fr" -H 'ldap://svrldap.tzm.fr:389' -ZZ
DOESN'T work!
client : ldap_start_tls : connect error: handshake failure
server : SSL routines : SSL3_GET_CLIENT_HELLO: no shared cipher
test 4:
ldapsearch -x -b"dc=tzm_fr" -H 'ldaps://svrldap.tzm.fr:636'
DOESN'T work!
client : ldap_start_tls : connect error: handshake failure
server : SSL routines : SSL3_GET_CLIENT_HELLO: no shared cipher
What can it be?
What does it mean?
I have this in my slapd.conf:
TLSCiphersuite : HIGH:MEDIUM:+SSLv2
TLSCertificateFile path/to/servercert.pem
TLSCACertificateFIle : path/to/Cacert.pem
TLSCertificateKeyFile : path/to/key.pem
I tried a lot of cipher suites, but always the same error... :/
Have you an idea? Because I'm lost!
Did someone manage to use TLS/SSL with openldap 2.1.23?
Please help me, because SSL/TLS - LDAP is a very big part of my internship..
Thanks in advance
Gabrielle
PS: sorry for my English :)
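An added illustration (not from the post, and not OpenSSL's or OpenLDAP's own code) of the "wrong version number" error seen above: a server restricted to one protocol with -ssl3 or -tls1 reads whatever arrives first as a 5-byte SSLv3/TLS record header and compares the version bytes with the one version it accepts, so a client that opens with an SSLv2-compatible hello (the v23 framing a plain s_client uses by default) has its length bytes read as a version and is rejected. The "no shared cipher" failure in the ldapsearch tests is a different check (cipher-list intersection) and is not modelled here. All function names and the sample byte strings are constructed for this example.

```python
import struct
# Versions as they appear on the wire (major, minor).
VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}
# What a strict `openssl s_server -ssl3` / `-tls1` expects in every record header.
STRICT_EXPECT = {"ssl3": (3, 0), "tls1": (3, 1)}

def parse_record_header(data: bytes) -> dict:
    """Read the 5-byte SSLv3/TLS record header: content type, major, minor,
    length. A strict server applies this to the first bytes it receives."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}

def parse_sslv2_hello(data: bytes) -> dict:
    """Read an SSLv2-compatible CLIENT-HELLO: a 2-byte length with the high bit
    set, msg_type 0x01, then the highest version the client offers."""
    if len(data) < 5 or not (data[0] & 0x80):
        raise ValueError("not an SSLv2-compatible hello")
    if data[2] != 0x01:
        raise ValueError("SSLv2 msg_type is not CLIENT-HELLO")
    return {"length": ((data[0] & 0x7F) << 8) | data[1], "offered": (data[3], data[4])}

def client_framing(first_bytes: bytes) -> str:
    """Name the framing the client actually used for its first bytes."""
    if first_bytes[0] & 0x80:
        offered = parse_sslv2_hello(first_bytes)["offered"]
        return "SSLv2-compatible hello offering up to " + VERSIONS.get(offered, str(offered))
    version = parse_record_header(first_bytes)["version"]
    return VERSIONS.get(version, str(version)) + " record"

def strict_server_verdict(mode: str, first_bytes: bytes) -> str:
    """Emulate the record-version check a strict s_server makes on its first
    record; OpenSSL reports a mismatch as 'wrong version number'."""
    version = parse_record_header(first_bytes)["version"]
    if version != STRICT_EXPECT[mode]:
        return "wrong version number"
    return "ok: " + VERSIONS[version] + " record"

# Constructed samples (not real captures): the first five bytes of
#  - an SSLv2-compatible hello offering up to TLSv1 (what a v23 client sends)
#  - a native TLSv1 ClientHello record
V2_COMPAT_HELLO = bytes([0x80, 0x2E, 0x01, 0x03, 0x01])
TLS1_RECORD = bytes([0x16, 0x03, 0x01, 0x00, 0x2E])

if __name__ == "__main__":
    for name, b in (("v2-compat", V2_COMPAT_HELLO), ("tls1", TLS1_RECORD)):
        print(name + ":", client_framing(b), "| -ssl3:", strict_server_verdict("ssl3", b),
              "| -tls1:", strict_server_verdict("tls1", b))
```

The v2-compatible hello is rejected by both strict modes because its length bytes 0x2E 0x01 land where the server expects the version, while the native TLSv1 record is accepted only by -tls1.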