
List:       openldap-bugs
Subject:    Re: (ITS#7349) openldap not supporting CAMELLIA ciphers
From:       hyc () symas ! com
Date:       2012-08-09 13:55:02
Message-ID: 201208091355.q79Dt2ie053751 () boole ! openldap ! org

goodgoingswati@gmail.com wrote:
> Full_Name: Swati
> Version: 2.4.32
> OS: RHEL5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (115.113.153.34)
> 
> 
> OpenLDAP is not supporting CAMELLIA-based ciphers (both RSA and DSA based).
> I have configured SSL LDAP (LDAPS), and checking the SSL connection with the LDAPS
> server with a CAMELLIA-based cipher leads to a failure in the handshake:

OpenLDAP doesn't implement any ciphers at all; the ciphers are provided by
whichever TLS implementation you're using. Closing this ITS.
> 
> openssl s_client -connect localhost:636 -showcerts -cipher
> DHE-DSS-CAMELLIA256-SHA -state -CAfile /path_to_cert -cert /path_to_client_cert
> -key /path_to_client_key
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL3 alert read:fatal:handshake failure
> SSL_connect:error in SSLv2/v3 read server hello A
> 47726707455072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:741:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 102 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> 
> Handshake is failing with all camellia ciphers.
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
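
Since the reply above places cipher support in the TLS implementation rather than in OpenLDAP, the following added example (not part of the original message or of OpenLDAP) asks a TLS library directly which suites a cipher string expands to. It assumes the Python interpreter is linked against the same OpenSSL build the LDAP server uses; the function names and the third cipher string are made up for the illustration.

```python
import ssl


def library_suites(spec):
    """Return (name, auth) for every pre-TLS-1.3 suite the linked TLS
    library expands the OpenSSL cipher string `spec` to.

    An empty list means the library itself does not offer the suite
    (not compiled in, or disabled by its policy), so no application
    built on that library can negotiate it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        # Raised when the cipher string selects nothing at all.
        return []
    # TLS 1.3 suites are configured separately and always listed,
    # so they say nothing about `spec`; filter them out.
    return [
        (c["name"], c.get("auth", "?"))
        for c in ctx.get_ciphers()
        if c.get("protocol") != "TLSv1.3"
    ]


def report(specs):
    """Build one report line per cipher string, headed by the library version."""
    lines = ["TLS library: " + ssl.OPENSSL_VERSION]
    for spec in specs:
        suites = library_suites(spec)
        if suites:
            names = ", ".join(f"{name} [{auth}]" for name, auth in suites)
            lines.append(f"{spec}: offered by library -> {names}")
        else:
            lines.append(f"{spec}: NOT offered by this TLS library")
    return lines


if __name__ == "__main__":
    # The first string is the suite from the report; the second is the
    # whole Camellia family; the third is a constructed, non-existent name.
    for line in report(["DHE-DSS-CAMELLIA256-SHA", "CAMELLIA", "NOT-A-REAL-SUITE"]):
        print(line)
```

A suite that the library does list can still fail to negotiate if the server's configured cipher list or certificate type excludes it; this check only answers whether the TLS library offers it at all.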

