[email protected] wrote:
> Full_Name: Swati
> Version: 2.4.32
> OS: RHEL5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (115.113.153.34)
>
>
> openldap is not supporting CAMELLIA based ciphers(both RSA and DSA based)
> I have configured SSL LDAP(LDAPS) and on checking SSL connection with LDAPS
> server with CAMELLIA based cipher leads to failure in handshake:

OpenLDAP doesn't implement any ciphers at all; the ciphers are provided by whichever TLS implementation you're using. Closing this ITS.

>
> openssl s_client -connect localhost:636 -showcerts -cipher
> DHE-DSS-CAMELLIA256-SHA -state -CAfile /path_to_cert -cert
> /path_to_client_cert
> -key /path_to_client_key
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL3 alert read:fatal:handshake failure
> SSL_connect:error in SSLv2/v3 read server hello A
> 47726707455072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:741:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 102 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
>
> Handshake is failing with all camellia ciphers.
>
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
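
An added illustration of the reply above (not part of the original message and not OpenLDAP code): Python's `ssl` module, like any application linked against a TLS library, can only offer the suites that library expands a cipher string to. The helper names `expand`, `negotiable` and `diagnose` and the server cipher string are hypothetical, and the sketch assumes both ends use the OpenSSL build this Python is linked against.

```python
import ssl


def expand(cipher_spec):
    """TLS <= 1.2 suite names the linked TLS library offers for cipher_spec."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_spec)
    except ssl.SSLError:
        # The library matched nothing: unknown name, algorithm compiled
        # out, or suite disabled by the library's own policy.
        return []
    # TLS 1.3 suites are configured separately and are always listed; skip them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def negotiable(client_spec, server_spec):
    """Suites both sides could agree on, in client preference order."""
    server = set(expand(server_spec))
    return [name for name in expand(client_spec) if name in server]


def diagnose(client_spec, server_spec):
    """Say which side of the handshake rules the requested suites out."""
    if not expand(client_spec):
        return "client library offers nothing for this cipher string"
    common = negotiable(client_spec, server_spec)
    if not common:
        return "no suite in common: server answers with handshake failure"
    return "ok: " + common[0]


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    # Cipher strings: the first is the one from the report, the rest are
    # constructed for comparison.
    for spec in ("DHE-DSS-CAMELLIA256-SHA", "CAMELLIA", "HIGH"):
        print(spec, "->", expand(spec))
    # Constructed server policy that excludes Camellia.
    print(diagnose("CAMELLIA", "HIGH:!CAMELLIA"))
```

An empty list from `expand` on the server host means the TLS library or its configured cipher string is what rules the suite out.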
