--On Tuesday, August 19, 2014 1:50 PM +0200 Oriol Rosa Ramoneda
<[email protected]> wrote:
Hello,
We are facing an issue in one of our openldap environments, while
enabling secure queries via ldaps:// our integration environment keeps
returning the following error to out ldapsearch command:
SSL3_READ_BYTES:sslv3 alert bad record mac
while the same command pointing to our production environment connects
correctly and returns matching entries.
Both run under the following versions:
Red Hat Enterprise Linux Server release 6.2 (Santiago)
OpenLDAP: slapd 2.4.23
OpenSSL 1.0.0-fips
2.4.23 is over 4 years old. In addition, the build supplied by RHEL if
that's what you're using) is linked to NSS, not OpenSSL, and has a number
of RHEL specific problems. I'd strongly advise upgrading to a current
release and an OpenSSL linked OpenLDAP.
I would also note there were series kernel issues in the 6.2 patch level
(At Zimbra, we require patch level 4 or later due to various issues with
RHEL6 at the previous levels).
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
