[Pkg-openssl-devel] Bug#1065424: Bug#1065424: Can't connect to Active Directory with openssl
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Mon Mar 4 17:45:18 GMT 2024
On 2024-03-04 11:16:14 [+0100], Maciej Bogucki wrote:
> When I invoke `/usr/bin/openssl s_client -connect 192.168.92.95:636`
So you get no reply? That is odd. There has to be a reply. A "Connected"
line is something I would have expected. If there is nothing then I
would assume that the port is silently blocked.
…
> from latest rocky linux it is ok
>
> [bogucki@nsd-ansible ~]$ /usr/bin/openssl s_client -connect 192.168.92.95:636
> CONNECTED(00000003)
see, that line is missing.
…
> No client certificate CA names sent
> Client Certificate Types: RSA sign, DSA sign, ECDSA sign
> Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1
> Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1
> Peer signing digest: SHA1
> Peer signature type: RSA
The remote side looks limited. So from all the possibilities it decided
to sign with RSA+SHA1. This is something openssl in bookworm rejects if
I am not mistaken. But there has to be an error message about this.
I *think* if you lower the security level then it should work.
Out of curiosity, what is the remote side running?
Sebastian
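
The triage the reply walks through (is there a `CONNECTED` line, and which digest did the peer sign with), as an added example that is not part of the original message. The function name, the verdict strings and both sample inputs are constructed here; the sample lines mirror the fields quoted above.

```shell
#!/bin/sh
# Added example: classify saved `openssl s_client` output on stdin.
# Verdict strings are hypothetical labels chosen for this example.
triage_s_client() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF captures
        /^CONNECTED\(/          { connected = 1 }
        /^Peer signing digest:/ { digest = $NF }
        /^Peer signature type:/ { sigtype = $NF }
        END {
            # No CONNECTED line: the TCP connect never completed
            # (the "port is silently blocked" case in the reply).
            if (!connected)   { print "no-tcp-connect"; exit }
            # Connected, but the handshake summary was never printed.
            if (digest == "") { print "handshake-incomplete"; exit }
            # Peer signed with SHA1: the case the reply expects a
            # stricter client to reject at its default security level.
            if (toupper(digest) == "SHA1") {
                print "legacy-sha1-signature:" sigtype; exit
            }
            print "ok:" sigtype "+" digest
        }'
}

# Constructed sample: the fields quoted from the working client.
sample_working_client() {
cat <<'EOF'
CONNECTED(00000003)
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Peer signing digest: SHA1
Peer signature type: RSA
EOF
}

# Constructed sample: a client that printed nothing at all.
sample_silent_client() { printf ''; }

for s in sample_working_client sample_silent_client; do
    printf '%s -> %s\n' "$s" "$($s | triage_s_client)"
done
```
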