[Pkg-openldap-devel] Bug#462588: Bug#462588: Same problem
T.A. van Roermund
timo at van-roermund.nl
Sat Jan 26 11:33:28 UTC 2008
Quanah Gibson-Mount wrote:
> Have you verified whether or not you can connect using LDAPS via the
> command line tools? (ldapsearch, ldapwhoami, etc).

Yes I did:

$ ldapsearch -H ldaps://localhost:636/ -X cn=admin
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

The relevant line in /etc/default/slapd:

SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:///"

And the relevant lines in /etc/ldap/slapd.conf:

TLSCertificateFile /etc/ssl/private/mykey.crt
TLSCertificateKeyFile /etc/ssl/private/mykey.key
# original cipher suite string
#TLSCipherSuite HIGH:-SSLv2:-RSA
# cipher suite string as used before with OpenSSL
#TLSCipherSuite HIGH:MEDIUM:-SSLv2
# all cipher suites as currently supported by gnutls,
# constructed using command:
# gnutls-cli -l | grep -E "^TLS" | cut -d\ -f1 | xargs echo
TLSCipherSuite TLS_ANON_DH_ARCFOUR_MD5 TLS_ANON_DH_3DES_EDE_CBC_SHA1
TLS_ANON_DH_AES_128_CBC_SHA1 TLS_ANON_DH_AES_256_CBC_SHA1
TLS_PSK_SHA_ARCFOUR_SHA1 TLS_PSK_SHA_3DES_EDE_CBC_SHA1
TLS_PSK_SHA_AES_128_CBC_SHA1 TLS_PSK_SHA_AES_256_CBC_SHA1
TLS_DHE_PSK_SHA_ARCFOUR_SHA1 TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 TLS_DHE_PSK_SHA_AES_256_CBC_SHA1
TLS_SRP_SHA_3DES_EDE_CBC_SHA1 TLS_SRP_SHA_AES_128_CBC_SHA1
TLS_SRP_SHA_AES_256_CBC_SHA1 TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 TLS_SRP_SHA_DSS_AES_128_CBC_SHA1
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 TLS_SRP_SHA_DSS_AES_256_CBC_SHA1
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 TLS_DHE_DSS_ARCFOUR_SHA1
TLS_DHE_DSS_3DES_EDE_CBC_SHA1 TLS_DHE_DSS_AES_128_CBC_SHA1
TLS_DHE_DSS_AES_256_CBC_SHA1 TLS_DHE_RSA_3DES_EDE_CBC_SHA1
TLS_DHE_RSA_AES_128_CBC_SHA1 TLS_DHE_RSA_AES_256_CBC_SHA1
TLS_RSA_NULL_MD5 TLS_RSA_EXPORT_ARCFOUR_40_MD5 TLS_RSA_ARCFOUR_SHA1
TLS_RSA_ARCFOUR_MD5 TLS_RSA_3DES_EDE_CBC_SHA1 TLS_RSA_AES_128_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA1

Before, using OpenSSL, everything worked perfectly. Now, LDAPS is
completely broken.

Regards,
Timo
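
Added example, not part of the message above and not OpenLDAP or Debian code: a small audit of a TLSCipherSuite directive like the one quoted. A list built from everything gnutls-cli -l prints also names anonymous, NULL, export-grade and RC4 suites, and the script joins slapd.conf continuation lines and flags those by name. The marker table, the function names and the sample configuration are constructed for illustration, and splitting the value on whitespace, ':' or ',' is an assumption.

```python
import re

# Name fragments of GnuTLS-style suite names and what each one implies.
WEAK_MARKERS = {
    "ANON": "anonymous key exchange, server certificate is never checked",
    "NULL": "no encryption",
    "EXPORT": "export-grade 40-bit key",
    "ARCFOUR": "RC4 stream cipher",
    "MD5": "MD5-based MAC",
}

def logical_lines(text):
    """Join slapd.conf continuation lines (a line starting with whitespace
    continues the previous one, even a comment), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return [line for line in lines if not line.startswith("#")]

def audit_cipher_suites(conf_text):
    """Return {suite: [reasons]} for weak suites named by TLSCipherSuite."""
    findings = {}
    for line in logical_lines(conf_text):
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].lower() != "tlsciphersuite":
            continue
        # Assumption: suites are separated by whitespace, ':' or ','.
        for suite in re.split(r"[\s:,]+", parts[1].strip()):
            fragments = suite.upper().split("_")
            reasons = [why for mark, why in WEAK_MARKERS.items() if mark in fragments]
            if reasons:
                findings[suite] = reasons
    return findings

# Constructed sample, shortened from the configuration quoted in the message.
SAMPLE_CONF = """\
TLSCertificateFile /etc/ssl/private/mykey.crt
#TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCipherSuite TLS_ANON_DH_AES_256_CBC_SHA1 TLS_RSA_NULL_MD5
 TLS_RSA_EXPORT_ARCFOUR_40_MD5 TLS_DHE_RSA_AES_256_CBC_SHA1
"""

if __name__ == "__main__":
    for suite, reasons in audit_cipher_suites(SAMPLE_CONF).items():
        print(f"{suite}: {'; '.join(reasons)}")
```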