Hi,

I have an openldap client (on RHEL 6.4) built with the latest Mozilla NSS 3.15.3 and have the parameter

    tls_ciphers TLSv1.2+HIGH

set in the /etc/pam_ldap.conf configuration file. My application fails to connect to the openldap server with the above configuration and errors out with the following message: "SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher."

And if I set the cipher as

    tls_ciphers TLSv1.2

then it gives me a weird error:

    TLS: can't accept: (unknown).
    5296d12b conn=1007 fd=15 closed (TLS negotiation failure)

A few more pieces of additional information:

a) The project requirement is to use only TLS 1.2 ciphers between server and client.

b) The openldap server is running with "TLSCipherSuite TLSv1.2+HIGH" configuration in slapd.conf and is built with openssl libraries.

c) I checked the server/client configuration with older protocols like

    tls_ciphers SSLv3+HIGH
    tls_ciphers TLSv1+HIGH

and it works fine. So it seems that the problem is with the TLS 1.2 protocol/ciphers.

e) NSS 3.15.3 supports TLS 1.2.

d) I checked the TLS 1.2 ciphers supported by server and client and they do have common ciphers. One I can identify is AES256-SHA.

The question is what could be the reason for the failure. Is the cipher string "tls_ciphers TLSv1.2" (openssl format) correct for Mozilla NSS, or did I miss something?

Thanks,
Vincent

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
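
An added example, not part of the original post, for checking point (d) on the OpenSSL side: it expands an OpenSSL-format cipher string with the local OpenSSL (through Python's ssl module) and intersects the result with a client suite list. In OpenSSL cipher strings the TLSv1.2 keyword selects suites that were first defined in TLS 1.2 rather than the protocol version; the helper names and the client list are constructed for illustration, and the exact expansion depends on the local OpenSSL build.

```python
import ssl


def expand(cipher_string):
    """Return [(suite_name, protocol)] that the local OpenSSL selects for an
    OpenSSL-format cipher string, e.g. a slapd.conf TLSCipherSuite value."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # OpenSSL configures TLS 1.3 suites separately and always lists them;
    # drop them so only the effect of the cipher string is visible.
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def shared(server_string, client_suites):
    """Client suites (OpenSSL names) that the server cipher string permits."""
    allowed = {name for name, _ in expand(server_string)}
    return [s for s in client_suites if s in allowed]


# Constructed client offer, OpenSSL suite names (assumption, not NSS output):
# the suite named in the post plus one suite first defined in TLS 1.2.
CLIENT_OFFER = ["AES256-SHA", "AES256-GCM-SHA384"]

if __name__ == "__main__":
    for server_string in ("TLSv1.2+HIGH", "HIGH"):
        suites = expand(server_string)
        print(f"{server_string}: {len(suites)} suites selected")
        for name, proto in suites:
            if name in CLIENT_OFFER:
                print(f"  {name:<22} introduced in {proto}")
        print("  shared with client offer:", shared(server_string, CLIENT_OFFER))
```

AES256-SHA is listed by OpenSSL as an SSLv3-era suite, so a server restricted to TLSv1.2+HIGH does not accept it even when the connection itself negotiates TLS 1.2.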