https://bugs.openldap.org/show_bug.cgi?id=9546

          Issue ID: 9546
           Summary: error:141A90B5:SSL
                    routines:ssl_cipher_list_to_bytes:no ciphers available
           Product: OpenLDAP
           Version: 2.5.4
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

TL;DR:

TLSCipherSuite HIGH in slapd.conf results in this error message both for
incoming connections and outgoing syncrepl connections:

error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available.

If I comment TLSCipherSuite in the 2.5.4 slapd.conf everything works.

Details:

It fails when setting this in slapd provider (2.4.58) *and* consumer
(2.5.4):

TLSProtocolMin 3.3
TLSCipherSuite HIGH

This works when connecting with 2.5.4 CLI tools to 2.4.58 server:

LDAPNOINIT=1 LDAPTLS_PROTOCOL_MIN=3.3 LDAPTLS_CIPHER_SUITE=HIGH /opt/openldap-ms/bin/ldapwhoami ..

But connecting even only with openssl s_client to 2.5.4 server does not
work with the above TLSCipherSuite settings.

All systems have OpenSSL 1.1.1k. The symlink
/etc/crypto-policies/back-ends/openssl.config points to
/usr/share/crypto-policies/DEFAULT/openssl.txt which has this single line:

@SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8

Not sure what is really affected by this file.

You can see how RPMs are built in OBS:

https://build.opensuse.org/package/show/security:tls/openssl-1_1

https://build.opensuse.org/package/show/home:stroeder:openldap25/openldap-ms
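
An added diagnostic sketch, not part of the original report and not OpenLDAP code: it asks the OpenSSL build linked into Python what a cipher string expands to under the report's `TLSProtocolMin 3.3`, keeping TLS 1.3 suites apart because OpenSSL configures those separately from the cipher string. The names `expand`, `PROTOCOL_MIN` and `POLICY` are hypothetical, and Python's OpenSSL may differ from the one slapd links against and may not load the crypto-policies file, so this inspects cipher strings rather than reproducing the failure.

```python
import ssl

# slapd's TLSProtocolMin takes wire versions: 3.3 is TLS 1.2, 3.4 is TLS 1.3.
PROTOCOL_MIN = {"3.3": ssl.TLSVersion.TLSv1_2, "3.4": ssl.TLSVersion.TLSv1_3}

# The crypto-policies line quoted in the report, copied verbatim.
POLICY = ("@SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:"
          "-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:"
          "-SHA384:-CAMELLIA:-ARIA:-AESCCM8")


def expand(cipher_string, protocol_min="3.3"):
    """Return the suite names a cipher string selects, split by TLS generation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = PROTOCOL_MIN[protocol_min]
    try:
        ctx.set_ciphers(cipher_string)
        selected = ctx.get_ciphers()
    except ssl.SSLError:
        # OpenSSL rejected the string: it selects no suite for TLS 1.2 or older.
        # The context keeps its default list, so keep only the TLS 1.3 suites,
        # which the cipher string does not control, and report no older ones.
        selected = [c for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.3"]
    return {
        "tls12_and_below": [c["name"] for c in selected
                            if c["protocol"] != "TLSv1.3"],
        "tls13": [c["name"] for c in selected if c["protocol"] == "TLSv1.3"],
    }


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for label, value in (("HIGH", "HIGH"), ("crypto-policies line", POLICY)):
        result = expand(value)
        print(f"{label}: {len(result['tls12_and_below'])} suites for TLS 1.2 "
              f"and below, {len(result['tls13'])} TLS 1.3 suites")
        for name in result["tls12_and_below"]:
            print("   ", name)
```

An empty `tls12_and_below` list means the string leaves nothing to offer for TLS 1.2, so only a TLS 1.3 handshake could succeed with that setting.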
