Package: slapd
Version: 2.4.23-7.2

OpenLDAP refuses to use cipher TLS_RSA_3DES_EDE_CBC_SHA1 when the cipher is available to the system.

Here is the output of gnutls-cli:

    ldap3:/etc/ldap# gnutls-cli -l | grep TLS_RSA_3DES_EDE_CBC_SHA1
    TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0

and gnutls-serv:

    ldap3:/etc/ldap# gnutls-serv -l | grep TLS_RSA_3DES_EDE_CBC_SHA1
    TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0

and OpenLDAP refuses to start when this cipher is used (and only this one):

    ldap3:/etc/ldap# /usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -g openldap -u openldap -d9
    […]
    TLS: could not set cipher list TLS_RSA_3DES_EDE_CBC_SHA1.
    main: TLS init def ctx failed: -1
    slapd destroy: freeing system resources.
    syncinfo_free: rid=124
    slapd stopped.
    connections_destroy: nothing to destroy.

Here is the TLS-relevant part of slapd.conf:

    TLSCertificateFile /etc/ldap/ldap3.math.ups-tlse.fr.pem
    TLSCertificateKeyFile /etc/ldap/ldap3.math.ups-tlse.fr.key
    TLSCACertificateFile /etc/ldap/CNRS2-Standard.crt.full.tls
    TLSCipherSuite TLS_RSA_3DES_EDE_CBC_SHA1

Here are the versions of libldap, libgnutls26:

    ii libgnutls26 2.8.6-1 the GNU TLS library - runtime library
    ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries

Best Regards,
_______________________________________
Christophe Ségui
Head of Department
IT Department
Institut de Mathématiques de Toulouse - UMR 5219
Université de Toulouse, CNRS
UNIVERSITE PAUL SABATIER
BAT 1R3 bur 221
118 Route de Narbonne
31062 Toulouse Cedex 9
tel: 05.61.55.63.78
fax: 05.61.55.75.99
_______________________________________
Save energy, paper and ink: print this message only if necessary.
To learn more, see www.ecoinfo.cnrs.fr