On 2018-11-05, Joel Carnat <[email protected]> wrote: > Le 05/11/2018 13:48, Stuart Henderson a écrit : >> On 2018-11-05, Joel Carnat <[email protected]> wrote: >>> Hi, >>> >>> I'm using ldap(1) to query a remote Synology Directory Server >>> (OpenLDAP >>> 2.4.x). >>> Unfortunately, it fails saying: >>> TLS failed: handshake failed: error:14004410:SSL >>> routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure >>> ldap: LDAP connection failed >>> >>> When I use the OpenLDAP ldapsearch, same arguments, I succeeds. >>> >>> Using openssl s_client, I could confirm that the OpenLDAP server >>> accept >>> TLS: >>> New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384 >>> Server public key is 2048 bit >>> Secure Renegotiation IS supported >>> Compression: NONE >>> Expansion: NONE >>> No ALPN negotiated >>> SSL-Session: >>> Protocol : TLSv1.2 >>> (...) >> >> If this were a cert problem you'd get a message like this from ldap(1) >> >> TLS failed: certificate verification failed: unable to get local >> issuer certificate >> ldap: LDAP connection failed >> >> or >> >> TLS failed: name `XX' not present in server certificate >> >> So it's not that. >> >> ldap(1) uses libtls which defaults to only allowing secure ciphers, >> specifically TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE. >> >> ldap(1) doesn't provide a way to weaken that, though you could add >> a call to tls_config_set_ciphers(tls_config, "compat") in >> ldapc_connect() >> to test if it would work. >> >> Or an s_client command that would force these ciphers: >> >> openssl s_client -cipher TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE -CAfile >> /etc/ssl/cert.pem -connect $hostname:636 >> >> If not, perhaps the Synology box is using old OpenSSL without support >> for these ciphers, or perhaps the cipher config is forcing only old >> ciphers. FWIW this is what I am currently using on OpenBSD slapd: >> >> olcTLSCipherSuite: TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE > > olcTLSCipherSuite is, by default, empty. > I could change it to > "HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:@STRENGTH:+SHA:+MD5:!NULL" which > doesn't solve the problem. > When I try to set it as yours, it says: > dn: cn=config > changetype: modify > replace: olcTLSCipherSuite > olcTLSCipherSuite: TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE > > modifying entry "cn=config" > ldap_modify: Other (e.g., implementation specific) error (80) > > From OpenBSD, the openssl commands returns: > CONNECTED(00000003) > 13559346237984:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 > alert handshake failure:/usr/src/lib/libssl/ssl_pkt.c:1200:SSL alert > number 40 > 13559346237984:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl > handshake failure:/usr/src/lib/libssl/ssl_pkt.c:585: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 0 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Start Time: 1541425938 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > --- > > On the syno, I can see: > # openssl version > OpenSSL 1.0.2o-fips 27 Mar 2018 > # openssl ciphers -v TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE > Error in cipher list > 139812538357392:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no > cipher match:ssl_lib.c:1383: > > Does this definitively indicates "ldap search" won't work with > OpenLDAP/OpenSSL shipped in Synology DSM ? > >
Oh, I see this cipher list syntax wasn't available in 1.0.x, to check you'll need to expand it (on libressl or openssl 1.1) and pass the whole string in. e.g. try this openssl ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256 and see which if any are available with their 1.0.2o-fips build. If there's no common cipher then "ldap search" can't work with TLS without patching.
