Hi,

I found some new behavior with an OpenLDAP server built against Mozilla NSS (3.15.3), and our requirement is to use TLSv1.2 ciphers only.

If I have the following LDAP (server + client) configuration:

Scenario 1:
  OpenLDAP server built against NSS (slap.conf):     TLSCipherSuite TLSv1.2
  OpenLDAP client built against NSS (pam_ldap.conf): tls_ciphers TLSv1.2

Communication fails, with the LDAP server throwing the following error:

  --TLS: could not set cipher list TLSv1.2.

Any idea why the LDAP server is throwing the above error? Is it the case that the cipher string "TLSv1.2" is not recognized by Mozilla NSS?

Scenario 2:
  OpenLDAP server built against NSS (slap.conf):     TLSCipherSuite TLSv1.2+HIGH
  OpenLDAP client built against NSS (pam_ldap.conf): tls_ciphers SSLv3

Scenario 3:
  OpenLDAP server built against NSS (slap.conf):     TLSCipherSuite SSlv3
  OpenLDAP client built against NSS (pam_ldap.conf): tls_ciphers TLSv1.2+HIGH

In Scenarios 2 and 3, communication is successfully established. Any idea which protocol's ciphers are used for establishing the communication? AFAIK SSLv3 and TLSv1.2 ciphers are different and incompatible.

Any help would be really appreciated.

With Regards,
Sam

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto