Re: SSL3_READ_BYTES:sslv3 alert handshake failure

[Greg Martin <gmartin@gmartin.org>]

Try adding a corres[ponding TLSCipherSuite entry to ldap.conf.

\\Greg


JOYDEEP wrote:
> Dear list,
>
> Now *ldapsearch -x -ZZ* is working; but again I have a problem when
> demanding  certificate from host. the error is
>
> ========================
> ldap_perror
> ldap_start_tls: Connect error (-11)
>         additional info: error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> ======================================================================
>
> Here is my slapd.conf section of TLS
> -----------------------------------------------
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCertificateFile            /etc/openldap/myca/servercert.pem
> TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
> TLSCACertificateFile         /etc/openldap/myca/cacert.pem
> TLSVerifyClient  demand
> ----------------------------------------------------
>
> Here is my ldap.conf
> ------------------------------------------------
> TLS_CACERT /etc/openldap/myca/cacert.pem
> TLS_CERT   /etc/openldap/myca/servercert.pem
> TLS_KEY    /etc/openldap/myca/serverkey.pem
> TLS_REQCERT allow
> ---------------------------------------------------------
>
> please note I have a self signed certificate.
>
> Thanks
>
>
>
>
>
>