--On Saturday, July 30, 2022 10:10 PM +0200 "A. Schulze"
<[email protected]> wrote:
On 30.07.22 at 20:46, Jochen Keutel wrote:
We did run into this issue because some special devices (e.g. Cisco
Prime Collaboration Assurance) cannot connect to the new OpenLDAP
server. The server logfile states: TLS handshake: negotiation failure.
It's not yet clear whether they really can "speak" only Camellia ...

It's called "openssl security level". Debian 11 defaults to seclevel=2;
Camellia ciphers are available at seclevel=1.
$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
$ openssl ciphers -v | grep -i camellia | wc -l
0
$ openssl ciphers -v 'ALL;@SECLEVEL=1' | grep -i camellia | wc -l
28

As far as I'm aware, both Debian and Ubuntu continue to link OpenLDAP to
GnuTLS, so pointing out how openssl behaves probably doesn't help them
progress much. I'm guessing though that similar changes were done to the
GnuTLS defaults.
--Quanah
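
The two openssl commands quoted above differ in two things at once: the cipher string (the implicit default list versus ALL) and the security level. The following is an added example, not part of the original thread, that varies the two independently for an OpenSSL-linked host; the function names camellia_count and camellia_matrix are made up for this illustration.

```shell
#!/bin/sh
# Added example: count Camellia suites per base cipher string and security level.

# camellia_count CIPHERSTRING -> prints how many Camellia suites the string expands to.
camellia_count() {
    # grep -c exits 1 when it counts zero matches; "|| true" keeps this usable under set -e.
    # An unparsable cipher string (or a missing openssl binary) is reported as 0.
    openssl ciphers -v "$1" 2>/dev/null | grep -ci camellia || true
}

# camellia_matrix -> one line per (base list, security level) combination.
camellia_matrix() {
    for base in DEFAULT ALL; do
        for level in 0 1 2; do
            printf '%-8s @SECLEVEL=%s  camellia=%s\n' \
                "$base" "$level" "$(camellia_count "$base:@SECLEVEL=$level")"
        done
    done
}

camellia_matrix
```

A count that changes between levels within one base list is a security-level effect; a difference between the DEFAULT and ALL rows at the same level comes from the cipher string.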