[Expired for openldap (Ubuntu) because there has been no activity for 60
days.]
** Changed in: openldap (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Just confirmed, changing the ldap server's cipher suite to the one that
works in testing with gnutls-cli gets syncrepl going. I've attached the
ldif file I used to fix ldap, I needed to restart slapd afterwards. Use
the following command to apply, as root, on the server:
ldapmodify -Q -Y EXTERNAL
I've just run into this issue. Running the test with gnutls-cli with
only SECURE256, we see the same issue, but our certs do have a good
signing algorithm, "Signature Algorithm: sha256WithRSAEncryption".
What's weird to me, and maybe I dont understand just how significant the order
of the cipher
Perhaps the issue is that your certificates have too short RSA keys. In
GnuTLS SECURE256 requires at least 3072-bit public key. Unfortunately,
this is not clearly documented.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Perhaps the issue is that your certificates have too short RSA keys. In
GnuTLS SECURE256 requires at least 3072-bit public key. Unfortunately,
this is not clearly documented.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in
Thanks for the pointers (I have no idea why I failed to find the gnutls26 bug
yesterday when I looked)
bug 1533230 comment #12
(https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230/comments/12)
seems to be the same problem as I'm having.
Using the command:
gnutls-cli -p 636
Thanks for the pointers (I have no idea why I failed to find the gnutls26 bug
yesterday when I looked)
bug 1533230 comment #12
(https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230/comments/12)
seems to be the same problem as I'm having.
Using the command:
gnutls-cli -p 636
Hi Ian,
I found https://stathers.net/2016/01/14/thawte-premium-ssl-
md5-gnutls.html but it would be surprising if that broke syncrepl but
not ldapsearch. Still, worth checking if you haven't already.
(ldapsearch and syncrepl are using the same CA certificate, right?)
Is there any interesting
Hi Ian,
I found https://stathers.net/2016/01/14/thawte-premium-ssl-
md5-gnutls.html but it would be surprising if that broke syncrepl but
not ldapsearch. Still, worth checking if you haven't already.
(ldapsearch and syncrepl are using the same CA certificate, right?)
Is there any interesting
Please also have a look at
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230 (thanks
to sarnold for the pointer)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1537762
Please also have a look at
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230 (thanks
to sarnold for the pointer)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1537762
Title:
syncrepl
11 matches
Mail list logo