[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Antw: Re: TLS_REQCERT and no server certificate
>>> Philip Guenther <guenther+ldaptech@sendmail.com> schrieb am 12.11.2013 um 16:37
in Nachricht <alpine.BSO.2.11.1311120655310.19673@morgaine.local>:
> On Tue, 12 Nov 2013, Jan Synacek wrote:
>> quoting ldap.conf(5):
>>
>> TLS_REQCERT <level>
>> ...
>> try The server certificate is requested. If no certificate is
Maybe that should read "... If no VALID certificate is..."
>> provided, the session proceeds normally. If a bad certificate is
>> provided, the session is immediately terminated.
>> ...
>
> Yeah, that text is bogus. At least with OpenLDAP 2.4.37 and OpenSSL
> version 1.0.1c and earlier, 'TLS_REQCERT try' is exactly the same as
> 'TLS_REQCERT demand'. The only difference in the OpenLDAP source is that
> 'demand' sets the SSL_VERIFY_FAIL_IF_NO_PEER_CERT option...which is
> documented by OpenSSL as having NO EFFECT on the SSL client side, which
> can be confirmed in the OpenSSL source.
>
> (c.f. ITS #4941 for when I tried to get this text fixed. Closed with no
> changes.)
>
>
>> I'd like to try the "If no certificate is provided" part, but can't
>> manage to do so.
>
> Almost all TLS cipher suites, including the most deployed ones, require
> the server to have a certificate, period. If you look at the output of
Yes, but the certificate could be expired or mismatching the host, etc.
> "openssl ciphers -v", the ciphers which have an 'Au' field of RSA, DSS,
> ECDH, or ECDSA can only be used if the server has a certificate of the
> indicated type.
>
> So if you rule those out, you end up with basically three choices:
> 1) "Au=None": the anonymous ciphers. Possible, but they are trivially
> subject to Man-in-the-Middle attacks, so TLS implementations disable
> them by default.
>
> (In theory they can be used securely via a channel-binding in a SASL
> layer which supports integrity protections, but I haven't seen anyone
> on list saying they've actually got that working. I lost track of
> where the SASL bits stand on that after there was confusion on the IETF
> mailing lists about what the protocols actually required. <sigh>)
>
> 2) "Au=PSK": pre-shared keys. Looks like these require a callback to
> be configured on the server, but code to do that hasn't been added to
> OpenLDAP. Good luck finding a client that would be able to use it.
>
> 3) "Au=SOMETHING_ELSE": something unusual like a Kerberos cipher suite.
> Again, those require C code changes to enable their use, as well as
> whatever infrastructure is behind them, which you didn't mention so
> I'll assume you don't have.
>
> So, right now, which one of those were you planning on using?
>
>
> Philip Guenther