Hi,

I have an OpenLDAP client (on RHEL 6.4) built with the latest Mozilla NSS 3.15.3 and 
have the parameter 

   tls_ciphers TLSv1.2+HIGH

set in the /etc/pam_ldap.conf configuration file. My application fails to connect 
to the OpenLDAP server with the above configuration and errors out with the following 
message:

"SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher."

And if I set the cipher as

       tls_ciphers TLSv1.2

Then it gives me a weird error:

    TLS: can't accept: (unknown).
    5296d12b conn=1007 fd=15 closed (TLS negotiation failure)

A few more pieces of additional information:
a) The project requirement is to use only TLS 1.2 ciphers between server and client.
b) The OpenLDAP server is running with the "TLSCipherSuite TLSv1.2+HIGH" configuration 
in slapd.conf and is built with OpenSSL libraries.
c) I checked the server/client configuration with older protocols like

     tls_ciphers SSLv3+HIGH
     tls_ciphers TLSv1+HIGH

and it works fine. So it seems that the problem is with the TLS 1.2 protocol/ciphers.
d) NSS 3.15.3 supports TLS 1.2.
e) I checked the TLS 1.2 ciphers supported by the server and client, and they do 
have common ciphers. One I can identify is AES256-SHA.

The question is what could be the reason for the failure. Is the cipher string "tls_ciphers 
TLSv1.2" (OpenSSL format) correct for Mozilla NSS, or did I miss something?

Thanks,
Vincent

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
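An added example, not part of Vincent's post and not OpenLDAP or NSS code: the script below uses Python's ssl module (a wrapper around the host's OpenSSL) to expand the OpenSSL-format cipher strings from the post and to intersect the server's selection with what a client offers. The point it makes is one of OpenSSL's cipher-string grammar: the TLSv1.2 keyword selects only the suites that require TLS 1.2 (the SHA256/SHA384 and AEAD suites), not every suite that can be negotiated over TLS 1.2, so a suite such as AES256-SHA, which OpenSSL tags as an SSLv3-era suite, is never in "TLSv1.2+HIGH". The client offer of AES256-SHA is a constructed stand-in for what the post says the NSS client has in common with the server; the example shows the OpenSSL side only and does not model how OpenLDAP's NSS back end interprets the same string.

```python
"""Expand OpenSSL-format cipher strings with the host OpenSSL and intersect
them with a client's offer.  Added example; not code from the post."""
from __future__ import annotations

import ssl


def selected_suites(spec: str) -> list[dict]:
    """Suites OpenSSL selects for `spec`, in OpenSSL's preference order.

    Each entry is the dict ssl gives back (keys include 'name' and
    'protocol', the latter being the lowest protocol the suite needs).
    An empty list means the string matched nothing; OpenSSL rejects it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        # e.g. "No cipher can be selected": the string expands to nothing
        return []
    # OpenSSL 1.1.1+ always reports the TLS 1.3 suites regardless of the
    # cipher string; drop them so the view matches a TLS 1.2-era stack.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def suite_names(spec: str) -> list[str]:
    """Just the suite names for `spec`, server preference order."""
    return [c["name"] for c in selected_suites(spec)]


def protocol_tags(spec: str) -> set[str]:
    """The minimum-protocol tags OpenSSL assigns to the selected suites."""
    return {c["protocol"] for c in selected_suites(spec)}


def shared_suites(server_spec: str, client_names: list[str]) -> list[str]:
    """Suites a server configured with `server_spec` would accept from a
    client offering `client_names`, in the server's preference order.
    An empty result is exactly the 'no shared cipher' handshake failure."""
    offered = set(client_names)
    return [name for name in suite_names(server_spec) if name in offered]


def report(server_spec: str, client_names: list[str]) -> str:
    """Human-readable summary of one server string against one client offer."""
    names = suite_names(server_spec)
    shared = shared_suites(server_spec, client_names)
    return "\n".join([
        f"server '{server_spec}' -> {len(names)} suite(s): "
        f"{', '.join(names) or '(none)'}",
        f"  min-protocol tags: {sorted(protocol_tags(server_spec))}",
        f"  client offers:     {', '.join(client_names)}",
        f"  shared:            {', '.join(shared) or 'NONE (no shared cipher)'}",
    ])


if __name__ == "__main__":
    # Constructed client offer: the suite the post names as common.
    CLIENT = ["AES256-SHA"]
    for spec in ("TLSv1.2+HIGH", "TLSv1.2", "TLSv1+HIGH", "SSLv3+HIGH", "HIGH"):
        print(report(spec, CLIENT), end="\n\n")
```

Running it prints, for each string from the post, the suites OpenSSL selects and whether AES256-SHA survives the intersection; with "TLSv1.2+HIGH" it does not, because every suite that string selects carries the TLSv1.2 tag. Restricting the protocol to TLS 1.2 is a separate setting from restricting the cipher list, and a server that wants AES256-SHA over TLS 1.2 has to name it (or use a keyword such as HIGH) rather than rely on the TLSv1.2 keyword.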