Le 05/11/2018 16:38, Stuart Henderson a écrit :
On 2018-11-05, Joel Carnat <[email protected]> wrote:
Le 05/11/2018 13:48, Stuart Henderson a écrit :
On 2018-11-05, Joel Carnat <[email protected]> wrote:
Hi,
I'm using ldap(1) to query a remote Synology Directory Server
(OpenLDAP
2.4.x).
Unfortunately, it fails saying:
TLS failed: handshake failed: error:14004410:SSL
routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure
ldap: LDAP connection failed
When I use the OpenLDAP ldapsearch, same arguments, I succeeds.
Using openssl s_client, I could confirm that the OpenLDAP server
accept
TLS:
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
(...)
If this were a cert problem you'd get a message like this from
ldap(1)
TLS failed: certificate verification failed: unable to get local
issuer certificate
ldap: LDAP connection failed
or
TLS failed: name `XX' not present in server certificate
So it's not that.
ldap(1) uses libtls which defaults to only allowing secure ciphers,
specifically TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE.
ldap(1) doesn't provide a way to weaken that, though you could add
a call to tls_config_set_ciphers(tls_config, "compat") in
ldapc_connect()
to test if it would work.
Or an s_client command that would force these ciphers:
openssl s_client -cipher TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE -CAfile
/etc/ssl/cert.pem -connect $hostname:636
If not, perhaps the Synology box is using old OpenSSL without support
for these ciphers, or perhaps the cipher config is forcing only old
ciphers. FWIW this is what I am currently using on OpenBSD slapd:
olcTLSCipherSuite: TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE
olcTLSCipherSuite is, by default, empty.
I could change it to
"HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:@STRENGTH:+SHA:+MD5:!NULL" which
doesn't solve the problem.
When I try to set it as yours, it says:
dn: cn=config
changetype: modify
replace: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
From OpenBSD, the openssl commands returns:
CONNECTED(00000003)
13559346237984:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3
alert handshake failure:/usr/src/lib/libssl/ssl_pkt.c:1200:SSL alert
number 40
13559346237984:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl
handshake failure:/usr/src/lib/libssl/ssl_pkt.c:585:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1541425938
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
On the syno, I can see:
# openssl version
OpenSSL 1.0.2o-fips 27 Mar 2018
# openssl ciphers -v TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE
Error in cipher list
139812538357392:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match:ssl_lib.c:1383:
Does this definitively indicates "ldap search" won't work with
OpenLDAP/OpenSSL shipped in Synology DSM ?
Oh, I see this cipher list syntax wasn't available in 1.0.x,
to check you'll need to expand it (on libressl or openssl 1.1) and
pass the whole string in. e.g. try this
openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256
and see which if any are available with their 1.0.2o-fips build.
If there's no common cipher then "ldap search" can't work with
TLS without patching.
This gives:
# openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
