Bug#810814: libgnutls26: Encrypted LDAP connection doesn't work after libgnutls26 update
Wolfgang Karall-Ahlborn
lists+debian-bugs at karall-edv.at
Thu Jan 28 14:28:06 UTC 2016
Package: libgnutls26
Followup-For: Bug #810814
Hi,
I can confirm that the addition of 'SECURE256' in the cipher suites
configuration seems to be the problem, switching from
olcTLSCipherSuite: SECURE256:!ARCFOUR-128:!3DES-CBC:-VERS-SSL3.0
to
olcTLSCipherSuite: NORMAL:!ARCFOUR-128:!3DES-CBC:-VERS-SSL3.0
worked for me, but is of course not ideal.
Debugging with gnutls-cli yields the same results as in the related
Ubuntu bug report
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230
i.e. 'SECURE256' doesn't work, while 'SECURE256:+SIGN-ALL' does work
with gnutls-cli (but unfortunately the +SIGN-ALL doesn't help when
configuring slapd's olcTLSCipherSuite).
Cheers
Wolfgang
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 4.2.0-1-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
Versions of packages libgnutls26 depends on:
ii libc6 2.19-22
pn libgcrypt11 <none>
ii libp11-kit0 0.23.1-3
ii libtasn1-6 4.7-2
ii multiarch-support 2.19-22
ii zlib1g 1:1.2.8.dfsg-2+b1
libgnutls26 recommends no packages.
libgnutls26 suggests no packages.
More information about the Pkg-gnutls-maint
mailing list