Re: SSL3_READ_BYTES:sslv3 alert handshake failure
Greg Martin wrote:
> Try adding a corresponding TLSCipherSuite entry to ldap.conf.
>
> \\Greg
>
Dear Greg,
Sorry for the late reply, as I was busy writing an article.
Anyhow, I have followed the guidance as suggested;
now the ldap.conf looks like
----------------------------------------------
TLSCipherSuite HIGH:MEDIUM:+SSLv2 # new addition as suggested by Greg
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_CERT /etc/openldap/myca/servercert.pem
TLS_KEY /etc/openldap/myca/serverkey.pem
TLS_REQCERT allow
---------------------------------------------------
the slapd.conf is as before
-----------------------------------------------
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
TLSCACertificateFile /etc/openldap/myca/cacert.pem
TLSVerifyClient demand
----------------------------------------------------
but I still have the same problem: *ldapsearch -x -ZZ* reports
------------------------------------------
ldap_start_tls: Connect error (-11)
additional info: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
--------------------------------------------
and the log reports
--------------------------------------------------------------------------------
Mar 26 12:32:35 linux slapd[7449]: conn=32 fd=15 ACCEPT from
IP=127.0.0.1:33418 (IP=0.0.0.0:389)
Mar 26 12:32:35 linux slapd[7449]: conn=32 op=0 STARTTLS
Mar 26 12:32:35 linux slapd[7449]: conn=32 op=0 RESULT oid= err=0 text=
Mar 26 12:32:35 linux slapd[7449]: conn=32 fd=15 closed (TLS negotiation
failure)
----------------------------------------------------------------------------------------
*slapd -d 255* reports
-------------------------------------------
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
not return a certificate s3_srvr.c:2471
connection_read(15): TLS accept failure error=-1 id=42, closing
---------------------------
So please help me to solve it.
Thanks a lot for the great support so far...
>
> JOYDEEP wrote:
>> Dear list,
>>
>> Now *ldapsearch -x -ZZ* is working, but again I have a problem when
>> demanding a certificate from the host. The error is
>>
>> ========================
>> ldap_perror
>> ldap_start_tls: Connect error (-11)
>> additional info: error:14094410:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>> ======================================================================
>>
>> Here is my slapd.conf section of TLS
>> -----------------------------------------------
>> TLSCipherSuite HIGH:MEDIUM:+SSLv2
>> TLSCertificateFile /etc/openldap/myca/servercert.pem
>> TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
>> TLSCACertificateFile /etc/openldap/myca/cacert.pem
>> TLSVerifyClient demand
>> ----------------------------------------------------
>>
>> Here is my ldap.conf
>> ------------------------------------------------
>> TLS_CACERT /etc/openldap/myca/cacert.pem
>> TLS_CERT /etc/openldap/myca/servercert.pem
>> TLS_KEY /etc/openldap/myca/serverkey.pem
>> TLS_REQCERT allow
>> ---------------------------------------------------------
>>
>> please note I have a self signed certificate.
>>
>> Thanks
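The log excerpt in the thread shows the pattern an LDAP administrator should watch for when a server is configured with TLSVerifyClient demand: STARTTLS is acknowledged with err=0, and the very next record for that connection is closed (TLS negotiation failure), with the server-side trace reporting that the peer did not return a certificate. (For context, ldap.conf(5) documents TLS_CERT and TLS_KEY as user-only directives, read from ~/.ldaprc or the LDAPTLS_CERT/LDAPTLS_KEY environment variables rather than from the system-wide ldap.conf.) The following script is an added example, not code from the thread or from the OpenLDAP project: it rejoins syslog records that a mail client wrapped onto two lines, groups slapd records by conn= id, and reports which client IPs had a STARTTLS that ended in a TLS negotiation failure. The conn=33 records from 10.0.0.5 are constructed to show a clean close alongside the failing one.

```python
"""Summarise slapd STARTTLS outcomes per connection from syslog-style log lines."""
import re
from collections import defaultdict

# Constructed sample: the four slapd records quoted in the thread, kept with the
# line wrap the mail client introduced, plus one constructed conn=33 from a
# made-up client 10.0.0.5 that completes STARTTLS and closes normally.
SAMPLE_LOG = """\
Mar 26 12:32:35 linux slapd[7449]: conn=32 fd=15 ACCEPT from
IP=127.0.0.1:33418 (IP=0.0.0.0:389)
Mar 26 12:32:35 linux slapd[7449]: conn=32 op=0 STARTTLS
Mar 26 12:32:35 linux slapd[7449]: conn=32 op=0 RESULT oid= err=0 text=
Mar 26 12:32:35 linux slapd[7449]: conn=32 fd=15 closed (TLS negotiation
failure)
Mar 26 12:40:01 linux slapd[7449]: conn=33 fd=16 ACCEPT from IP=10.0.0.5:51022 (IP=0.0.0.0:389)
Mar 26 12:40:01 linux slapd[7449]: conn=33 op=0 STARTTLS
Mar 26 12:40:01 linux slapd[7449]: conn=33 op=0 RESULT oid= err=0 text=
Mar 26 12:40:02 linux slapd[7449]: conn=33 fd=16 closed
"""

# A physical line that begins with a syslog timestamp starts a new record.
TIMESTAMP_RE = re.compile(r"^[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} ")
CONN_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"^fd=\d+ ACCEPT from IP=(?P<ip>[^:\s]+):\d+")
CLOSED_RE = re.compile(r"^fd=\d+ closed(?: \((?P<reason>[^)]*)\))?")


def rejoin_wrapped(text):
    """Rejoin syslog records that a mail client or pager wrapped onto two lines.

    A line that does not start with a syslog timestamp is treated as the
    continuation of the record before it and glued back with a single space.
    """
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if TIMESTAMP_RE.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] = records[-1] + " " + line.strip()
    return records


def parse_tls_outcomes(text):
    """Return {conn_id: {"ip": str|None, "starttls": bool, "reason": str|None}}.

    "reason" is the parenthesised text slapd prints on the "closed" record,
    e.g. "TLS negotiation failure"; it is None for a clean close or a
    connection that is still open at the end of the excerpt.
    """
    conns = {}
    for record in rejoin_wrapped(text):
        m = CONN_RE.search(record)
        if not m:
            continue  # not a per-connection slapd record
        conn = conns.setdefault(
            m.group("conn"), {"ip": None, "starttls": False, "reason": None}
        )
        rest = m.group("rest")
        accept = ACCEPT_RE.match(rest)
        if accept:
            conn["ip"] = accept.group("ip")
        elif rest.endswith(" STARTTLS"):
            conn["starttls"] = True
        else:
            closed = CLOSED_RE.match(rest)
            if closed:
                conn["reason"] = closed.group("reason")
    return conns


def tls_failures_by_ip(text):
    """Count, per client IP, the connections whose STARTTLS ended in a TLS negotiation failure."""
    counts = defaultdict(int)
    for info in parse_tls_outcomes(text).values():
        if info["starttls"] and info["reason"] == "TLS negotiation failure":
            counts[info["ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    outcomes = parse_tls_outcomes(SAMPLE_LOG)
    for conn_id, info in sorted(outcomes.items(), key=lambda kv: int(kv[0])):
        print(f"conn={conn_id} ip={info['ip']} starttls={info['starttls']} "
              f"close={info['reason'] or 'clean'}")
    print("TLS negotiation failures by client IP:", tls_failures_by_ip(SAMPLE_LOG))
```

Run it against a real slapd log (loglevel stats) instead of SAMPLE_LOG to see which clients are failing the handshake after the server starts demanding certificates; a client that never sends a certificate shows up as a STARTTLS followed immediately by a TLS negotiation failure close, exactly as conn=32 does here.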