[Pkg-openldap-devel] Bug#541256: Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1

Vedran Furač vedranf at vedranf.mine.nu
Thu Aug 13 00:12:43 UTC 2009


Quanah Gibson-Mount wrote:

> --On Wednesday, August 12, 2009 12:22 PM -0700 Quanah Gibson-Mount 
> <quanah at zimbra.com> wrote:
> 
>>> Thanks, bye!
>>
>> Filed upstream:
>>
>> <http://www.openldap.org/its/index.cgi/?findid=6251>
>>
>> Note that a difference for GnuTLS with 2.4.17 is that it uses gcrypt if a
>> newer GnuTLS is detected, so it is possible gcrypt is broken.
> 
> Please see the upstream comments.  The issue is broken behavior on GnuTLS' 
> part.

Ah... I see. Thanks for forwarding it! Anyway, I tried his suggestion
and changed slapd.conf on server side and libnss/pam_ldap.conf/ldap.conf
on client to have:

TLSCipherSuite     +AES-256-CBC:+SHA1

Now slapd starts, but connection (e.g. getent passwd) to it fails with:

TLS: can't connect: No supported cipher suites have been found..

And ldapsearch -ZZ:

TLS: can't connect: A TLS packet with unexpected length was received.


Regards!
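The failure described in the message ("No supported cipher suites have been found") is what a GnuTLS-style priority string produces when it enables ciphers and MACs but no key exchange, so no complete suite can be formed. The following is an added example, not code from the thread, OpenLDAP or GnuTLS: a deliberately simplified Python model of how such a string is evaluated. The algorithm tables, the set of defaults attributed to the NORMAL keyword, and the rule that a string with no leading keyword keeps only the default protocol versions are all assumptions made for illustration, not a statement of GnuTLS's actual tables.

```python
"""Simplified model of how a GnuTLS-style priority string (the syntax that
OpenLDAP's TLSCipherSuite takes when slapd is linked against GnuTLS) turns
into usable cipher suites.  Constructed example; the tables below are a
small assumed subset, not GnuTLS's real algorithm lists."""

# Constructed tables: a handful of algorithm names per category.
CATEGORIES = {
    "version": {"VERS-SSL3.0", "VERS-TLS1.0", "VERS-TLS1.1", "VERS-TLS1.2"},
    "kx": {"RSA", "DHE-RSA", "DHE-DSS", "ANON-DH"},
    "cipher": {"AES-128-CBC", "AES-256-CBC", "3DES-CBC", "ARCFOUR-128"},
    "mac": {"SHA1", "MD5", "SHA256"},
}

# Assumed defaults enabled by the NORMAL keyword (constructed subset).
NORMAL_DEFAULTS = {
    "version": {"VERS-SSL3.0", "VERS-TLS1.0", "VERS-TLS1.1", "VERS-TLS1.2"},
    "kx": {"RSA", "DHE-RSA", "DHE-DSS"},
    "cipher": {"AES-128-CBC", "AES-256-CBC", "3DES-CBC", "ARCFOUR-128"},
    "mac": {"SHA1", "MD5", "SHA256"},
}


def category_of(name):
    """Map an algorithm name to its category, or raise on unknown names."""
    for cat, names in CATEGORIES.items():
        if name in names:
            return cat
    raise ValueError("unknown algorithm name: %s" % name)


def parse_priority(prio):
    """Return a dict category -> set of enabled algorithm names."""
    enabled = {cat: set() for cat in CATEGORIES}
    tokens = [t.strip() for t in prio.split(":") if t.strip()]
    if not tokens:
        raise ValueError("empty priority string")
    first = tokens[0].upper()
    if first == "NORMAL":
        for cat, names in NORMAL_DEFAULTS.items():
            enabled[cat] |= names
        tokens = tokens[1:]
    elif first == "NONE":
        tokens = tokens[1:]
    else:
        # Assumption for this model: with no leading keyword, only the
        # default protocol versions are enabled; everything else must be
        # added explicitly with "+".
        enabled["version"] |= NORMAL_DEFAULTS["version"]
    for tok in tokens:
        op, name = tok[0], tok[1:].upper()
        if op == "+":
            enabled[category_of(name)].add(name)
        elif op in "-!":
            enabled[category_of(name)].discard(name)
        else:
            raise ValueError("modifier must start with +, - or !: %s" % tok)
    return enabled


def missing_categories(prio):
    """Categories left empty by the string; any non-empty result means
    no suite can be formed."""
    enabled = parse_priority(prio)
    return sorted(cat for cat, names in enabled.items() if not names)


def usable_suites(prio):
    """Number of (kx, cipher, mac) combinations the string allows given at
    least one protocol version.  Zero corresponds to the 'No supported
    cipher suites have been found' failure seen in the message."""
    enabled = parse_priority(prio)
    if not enabled["version"]:
        return 0
    return len(enabled["kx"]) * len(enabled["cipher"]) * len(enabled["mac"])


if __name__ == "__main__":
    for s in ("+AES-256-CBC:+SHA1",
              "NORMAL:+AES-256-CBC:+SHA1",
              "NONE:+VERS-TLS1.0:+RSA:+AES-256-CBC:+SHA1"):
        print("%-45s suites=%d missing=%s"
              % (s, usable_suites(s), missing_categories(s)))
```

Run directly, the script shows the string from the message yielding zero suites because no key-exchange algorithm is enabled, while the same cipher and MAC on top of a NORMAL base, or a NONE base that also names a protocol version and RSA key exchange, yields at least one. When checking a real deployment, use the GnuTLS tooling installed on the host rather than this model, and inspect the actual set of suites the server accepts rather than relying on the configuration line alone.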