Hi,

I found some new behavior with an OpenLDAP server built against Mozilla 
NSS (3.15.3); our requirement is to use TLSv1.2 ciphers only.

If I have the following LDAP (server + client) configuration:

Scenario 1:

  OpenLDAP server built against NSS (slapd.conf):    TLSCipherSuite TLSv1.2
  OpenLDAP client built against NSS (pam_ldap.conf): tls_ciphers TLSv1.2

Communication fails, with the LDAP server throwing the following error:
     --TLS: could not set cipher list TLSv1.2.

Any idea why the LDAP server is throwing the above error? Is it the case that 
the cipher string "TLSv1.2" is not recognized by Mozilla NSS?


Scenario 2:

  OpenLDAP server built against NSS (slapd.conf):    TLSCipherSuite TLSv1.2+HIGH
  OpenLDAP client built against NSS (pam_ldap.conf): tls_ciphers SSLv3
         
Scenario 3:

  OpenLDAP server built against NSS (slapd.conf):    TLSCipherSuite SSLv3
  OpenLDAP client built against NSS (pam_ldap.conf): tls_ciphers TLSv1.2+HIGH

In Scenarios 2 and 3, communication is established successfully. Any idea which 
protocol's ciphers are used to establish the communication? AFAIK SSLv3 and 
TLSv1.2 ciphers are different and incompatible.

Any help would be really appreciated.

With Regards,
Sam

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
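The cipher strings in the three scenarios above are written in OpenSSL's cipher-string grammar, which is what OpenLDAP's TLSCipherSuite and tls_ciphers directives take (the MozNSS backend has its own parser for this syntax, so a keyword OpenSSL accepts is not guaranteed to be accepted there). As an added example, not part of the original post and not OpenLDAP or NSS code, the following Python uses the standard ssl module (backed by OpenSSL) to show what each keyword actually selects: "TLSv1.2" and "SSLv3" name the protocol version in which a suite was introduced, not the version a connection will negotiate, and "TLSv1.2+HIGH" is the intersection of the two keyword sets. A string that selects no suite makes set_ciphers() raise ssl.SSLError, the library-level equivalent of the "could not set cipher list" error. The three cipher strings are taken from the scenarios; what they expand to depends on the OpenSSL build behind your Python, and on newer builds the "SSLv3" keyword may select nothing, which the example reports rather than treating as a failure.

```python
import ssl

# The three cipher strings from the scenarios above (constructed input list).
CIPHER_STRINGS = ("TLSv1.2", "TLSv1.2+HIGH", "SSLv3")


def expand(cipher_string):
    """Return (suite name, introducing protocol) pairs OpenSSL selects for a string.

    TLS 1.3 suites are configured separately in OpenSSL and always appear in
    get_ciphers(), so they are filtered out to show only what the cipher
    string itself selected. Raises ssl.SSLError if nothing is selected.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [(c["name"], c["protocol"])
            for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def introducing_versions(cipher_string):
    """Protocol versions that first defined the selected suites.

    This is the version keyword the cipher string matched on; it is not a
    floor or ceiling on the protocol version the handshake will negotiate.
    """
    return {proto for _, proto in expand(cipher_string)}


def accepted(cipher_string):
    """True if OpenSSL parses the string and it selects at least one suite."""
    try:
        return bool(expand(cipher_string))
    except ssl.SSLError:
        return False


if __name__ == "__main__":
    for spec in CIPHER_STRINGS:
        if not accepted(spec):
            print(f"{spec!r}: rejected, no suite selected")
            continue
        suites = expand(spec)
        print(f"{spec!r}: {len(suites)} suites, introduced in "
              f"{sorted(introducing_versions(spec))}")
        for name, proto in suites[:5]:
            print(f"    {proto:8} {name}")
```

The same expansion can be seen from the command line with `openssl ciphers -v 'TLSv1.2+HIGH'`; both show OpenSSL's interpretation, not NSS's. To see which protocol and suite a running slapd actually negotiates with a given client cipher string, connect with `openssl s_client -connect host:636` using the same cipher string and read the Protocol and Cipher lines it prints; restricting the negotiated protocol version is done with the TLSProtocolMin directive, not with a cipher keyword.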
