Hi,
I'm using ldap(1) to query a remote Synology Directory Server (OpenLDAP
2.4.x).
Unfortunately, it fails saying:
    TLS failed: handshake failed: error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure
    ldap: LDAP connection failed
When I use the OpenLDAP ldapsearch with the same arguments, it succeeds.
Using openssl s_client, I could confirm that the OpenLDAP server accepts
TLS:
    New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
    Protocol : TLSv1.2
    (...)
Looking inside /etc/ssl/cert.pem, I could find "/O=Digital Signature
Trust Co./CN=DST Root CA X3", which is part of the Let's Encrypt
certificate chain.
Is this a known issue or am I missing something?
Thanks.