[Pkg-openldap-devel] Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Quanah Gibson-Mount
quanah at zimbra.com
Wed Aug 12 19:22:05 UTC 2009
--On Wednesday, August 12, 2009 9:06 PM +0200 Vedran Furač
<vedranf at vedranf.mine.nu> wrote:
> Package: slapd
> Version: 2.4.17-1
> Severity: important
>
> OpenLDAP+gnutls worked fine for me for more than a year, but now I have
> TLS problems again. It started on my unstable client when libnss-ldap
> reported:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
>
> Then I upgraded gnutls and ldap on my server from lenny to unstable and
> now even slapd doesn't start:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
> main: TLS init def ctx failed: -1
>
> If I comment out the line which defines the cipher:
>
> TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1
>
> it works again.
>
> $ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
> TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
>
> ...so I don't see why it shouldn't work.
>
> Thanks, bye!

Filed upstream:
<http://www.openldap.org/its/index.cgi/?findid=6251>

Note that a difference for GnuTLS with 2.4.17 is that it uses gcrypt if a
newer GnuTLS is detected, so it is possible gcrypt is broken.

--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration