
SSL/TLS



I know there are a lot of questions on this topic and ask for your patience.

I'm trying to figure out how to discern if slapd is properly configured for SSL/TLS. Reading through the slapd strace output shows that the cacert & certfile are being opened & read

slapd v2.3.27

When I look at netstat -an, ports 389 & 636 are listening:
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN



slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLS_CACertificateFile /var/data/ca/cacert.pem
TLS_CertificateFile /var/data/ca/newcerts/ldap1cert.pem
TLS_CertificateKeyFile /etc/openldap/ldap1keyclear.txt
TLSVerifyClient never

Reading through the strace output shows that the cacert & certfile are being opened.

ldap.conf
BASE    dc=gmartin, dc=org
URI    ldap://linux2.gmartin.org
TLS_CACERT /var/data/ca/cacert.pem

ldaprc:
TLS_CACERT /var/data/ca/cacert.pem

When I try ldapsearch or openssl s_client, I receive:
sslv3 alert handshake failure

And using slapd debug I see:
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:97


I checked the FAQ and I think I've looked at everything there. Not sure where to look next.

\\Greg
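The "no shared cipher" message in the slapd debug output is OpenSSL's server-side complaint that none of the suites in the configured cipher list can be used with the certificate and private key it actually managed to load, so before touching the cipher string it is worth checking that the key file is readable and not passphrase-protected, that it pairs with the server certificate, and that the certificate verifies against the CA file. The script below is an added example for doing those checks, not part of the original post and not OpenLDAP's own tooling; it needs the openssl CLI, every path and host name in it is a placeholder, and make_fixture builds a throwaway CA, server certificate and unrelated key purely for demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: offline consistency checks for the
# CA certificate, server certificate and private key a slapd.conf points at,
# plus a live probe of the ldaps listener. Requires the openssl CLI.
# All file names and hosts are placeholders; make_fixture builds a constructed
# set of test files so the checks can be exercised without a real slapd.

# Public key carried by a certificate, as PEM text.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from a private key file. Fails if the key is malformed
# or passphrase-protected (slapd cannot prompt for a passphrase at startup).
key_pubkey() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
}

# Return 0 only if the certificate and the private key belong together.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 1
    k=$(key_pubkey "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Return 0 only if the server certificate chains to the CA certificate.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run every offline check: one verdict line per check, return value is the
# number of failed checks (0 means the three files are mutually consistent).
check_slapd_tls_files() {
    ca=$1; cert=$2; key=$3; fails=0
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL unreadable: $f"; fails=$((fails+1)); }
    done
    key_pubkey "$key" >/dev/null && echo "ok   key loads without a passphrase" \
        || { echo "FAIL key is encrypted or malformed: $key"; fails=$((fails+1)); }
    cert_matches_key "$cert" "$key" && echo "ok   certificate and key match" \
        || { echo "FAIL certificate/key mismatch: $cert vs $key"; fails=$((fails+1)); }
    cert_chains_to_ca "$ca" "$cert" && echo "ok   certificate verifies against CA" \
        || { echo "FAIL certificate does not chain to $ca"; fails=$((fails+1)); }
    return $fails
}

# Live probe of an ldaps listener (needs a running slapd, so it is not part of
# the offline checks). Prints the negotiated suite or the alert that came back.
# Usage: tls_probe ldap1.example 636 /path/to/cacert.pem
tls_probe() {
    printf '' | openssl s_client -connect "$1:$2" -CAfile "$3" 2>&1 \
        | grep -E 'Cipher is|Verify return code|alert|no peer certificate'
}

# Constructed fixture for demonstration: a CA, a server certificate signed by
# it, and an unrelated key. Writes ca.pem, ldap1cert.pem, ldap1key.pem and
# otherkey.pem into the directory given as $1.
make_fixture() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/cakey.pem" \
        -out "$d/ca.pem" -subj /CN=Test-CA -days 1 >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/ldap1key.pem" \
        -out "$d/ldap1.csr" -subj /CN=ldap1.example >/dev/null 2>&1
    openssl x509 -req -in "$d/ldap1.csr" -CA "$d/ca.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -out "$d/ldap1cert.pem" -days 1 >/dev/null 2>&1
    openssl genrsa -out "$d/otherkey.pem" 2048 >/dev/null 2>&1
}

# Usage: sh check_slapd_tls.sh CACERT CERT KEY
if [ "$#" -eq 3 ]; then
    check_slapd_tls_files "$1" "$2" "$3"
fi
```

Run it against the three files from slapd.conf on the server itself, as the user slapd runs as, so that an unreadable key shows up as "FAIL unreadable". If every offline check passes, tls_probe against port 636 shows either the negotiated suite in the "Cipher is" line or the alert the server sends instead.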