Package: openssl Version: 1.1.1k-1 Severity: normal Dear Maintainer,
* What led up to the situation? After trying to update to bullseye, connecting to our LDAP server no longer works, both with pam_ldap package as well as using ldapsearch from ldap-utils. * What exactly did you do (or not do) that was effective (or ineffective)? On Debian 9 or 10, or on Ubuntu 22.04, our configuration works and ldapsearch with the -ZZ flag works. On Debian 11, it does not. I've tried installing the version of the openssl package that Debian 10 uses on a Debian 11 system, but still it didn't work. Querying the server with the following command works perfectly: openssl s_client -starttls ldap -connect <hostname>:<port> The output of this command says amongst other things "SSL handshake has read 4692 bytes and written 436 bytes. Verification: OK" and lists the full certificate chain. If adding the -showcerts flag, all certificates in the chain are shown succesfully. * What was the outcome of this action? ldapsearch gives the following output: ldap_start_tls: Connect error (-11) additional info: (unknown error code) * What outcome did you expect instead? It should query the LDAP server and successfully return data. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.15.83-1-pve (SMP w/1 CPU thread) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssl depends on: ii libc6 2.31-13 ii libssl1.1 1.1.1k-1 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20210119 -- no debconf information