Seyeong Kim <seyeong.kim <at> canonical.com> writes:

> Hello
>
> I have an issue with gnutls ( maybe not ) and Windows 2008r2 Ldap
>
> when I tried to ldapsearch to windows ldap, I got below message
>
> TLS: can't connect: A TLS packet with unexpected length was received..
>
> there are two AD, 2008r2, 2012r2 and I could only see this error on 2012r2 + ubuntu 14.xx combination
>
> I checked gnutls version
>
> libgnutls26 | 2.12.23-12ubuntu2.3
>
> libgnutls-deb0-28 | 3.3.8-3ubuntu3 | vivid
>
> Is there any commits I can refer to this issue?
>
> I know there are large differences between two versions. so I need an advice.
>
> Thanks
>
Hello,

GnuTLS and SChannel (Microsoft) implementations are not (yet) compatible for TLS 1.2 negotiation during AD/LDAPS binding.

The trick is to disable TLS1.2 for OpenLDAP like this:

    export LDAPTLS_CIPHER_SUITE='NORMAL:!VERS-TLS1.2'

If you are binding AD/LDAP from PHP, you can do something like that:

    putenv('LDAPTLS_CIPHER_SUITE=NORMAL:!VERS-TLS1.2');

Hope it helps

Best regards,
Andre
