On Thu, 3 Oct 2013 00:16:28 +0000, Axel Grosse <[email protected]> wrote:

> Hi ben,
> thanks for the comment.
> agree with you on TLS usage should be preferred
> but the client that is connecting is only capable of LDAPS ... he has
> not implemented TLS Client yet .
>
> But can you please take a look to the error I am facing
>
> openssl s_client -connect 192.168.30.169:389 -showcerts
> -CAfile ./ssl/VordelCA.crt
> CONNECTED(00000003)
> 710:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:188:
>
> any idea what can cause this ?
>
>
> AXEL GROSSE
> Principal Solution Architect, Sales Solution Center, Axway
> P: +61-405-995-768
> 828 Pacific Highway
> Gordon, 2072 NSW
> [email protected]
> http://www.axway.com
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of btb
> Sent: Wednesday, 2 October 2013 10:57 PM
> To: [email protected]
> Subject: Re: Openldap server with TLS not working
>
> On 2013.10.02 07.29, Axel Grosse wrote:
>
> > when I test on the server itself ..
> > openssl s_client -connect 192.168.30.169:389 -showcerts -CAfile
> > ./ssl/VordelCA.crt
> > CONNECTED(00000003)
> > 710:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> > failure:s23_lib.c:188:
>
> ldaps [port 636] is deprecated. use starttls with the standard port
> [389]. to test, just use ldapsearch [see the reference to -Z in the
> man page]

You are connecting to port 389, but s_client is not able to initiate a
LDAP startTLS session (only SMTP and IMAP), so you have to connect ldaps
and port 636.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
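
The port 389 behaviour described in the reply, as an added example that is not part of the original thread: a server on the plain LDAP port expects a BER-encoded StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 4511) before any TLS bytes, so a client that opens with a TLS handshake record is rejected. The function names, the sample byte strings and the `probe_starttls` helper are constructed for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # LDAP StartTLS extended operation (RFC 4511)
# Constructed samples: start of a TLS handshake record, and a short-form
# ExtendedResponse with resultCode 0 (success), empty matchedDN and message.
SAMPLE_TLS_HELLO = bytes.fromhex("1603010200")
SAMPLE_STARTTLS_OK = bytes.fromhex("300c02010178070a010004000400")

def starttls_request(msg_id=1):
    """BER-encode LDAPMessage { messageID, ExtendedRequest { requestName } }; msg_id 1..127."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID   # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                     # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + op                    # INTEGER messageID
    return b"\x30" + bytes([len(body)]) + body                   # SEQUENCE

def classify_first_bytes(data):
    """Tell a direct-TLS opener from a plain LDAP (BER) opener."""
    if data[:2] == b"\x16\x03":        # TLS record: handshake, major version 3
        return "tls-handshake"
    if data[:1] == b"\x30":            # BER SEQUENCE: an LDAPMessage
        return "ldap-ber"
    return "unknown"

def starttls_result(resp):
    """Return resultCode of a short-form ExtendedResponse (0 = success)."""
    if len(resp) < 4 or resp[0] != 0x30 or resp[1] & 0x80 or resp[2] != 0x02:
        raise ValueError("not a short-form LDAPMessage")
    op = 4 + resp[3]                   # skip the messageID value
    if len(resp) < op + 5 or resp[op] != 0x78 or resp[op + 2] != 0x0A:
        raise ValueError("not an ExtendedResponse")
    return resp[op + 4]                # ENUMERATED resultCode value

def probe_starttls(host, port=389, cafile=None, timeout=5):
    """Hypothetical helper: StartTLS on the LDAP port, then the TLS handshake."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        code = starttls_result(sock.recv(4096))
        if code != 0:
            raise RuntimeError(f"server refused StartTLS, resultCode={code}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```
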
