On Fri, May 12, 2023 at 9:59 PM Jeffrey Walton <noloa...@gmail.com> wrote:
>
> > terry.lem...@dell.com wrote:
>
> Looping back to this... This smells bad, too:
>
> > > CONNECTED(00000003)
> > > 139702302594704:error:140790E5:SSL routines:ssl23_write:ssl handshake
> > > failure:s23_lib.c:177:
>
> OpenSSL 3.x does not have the s23*.c files. Confer,
> https://github.com/openssl/openssl/tree/master/ssl .
>
> The last time there were s23*.c files, like s23_lib.c, was OpenSSL
> 1.0.2. Confer,
> https://github.com/openssl/openssl/tree/OpenSSL_1_0_2-stable/ssl
> .
>
> When I look that error up with with OpenSSL 3.0.2, I get a bogus error back:
>
> $ openssl errstr 0x140790E5
> error:140790E5:UI routines::reason(495845)
>
> $ openssl version
> OpenSSL 3.0.2 15 Mar 2022
>
> I'm wondering if OpenLDAP was compiled and linked against one version
> of the OpenSSL library, but it is getting runtime-linked with another
> [non-binary compat] version of OpenSSL by ldd.
>
> Are there multiple versions of OpenSSL available on that machine?
I probably should have mentioned... OpenSSL 1.0.2 is End of Life. It
only supports up to TLS v1.2. But it does have full ECC support.
See how this command works for you:
openssl s_client -tls1_2 \
-connect ldpdd042.hop.lab.emc.com:636 ...
Jeff
