Hi, how do I check this?

On both servers I do have installed the same client and server software and performing a secured connection from both systems to the master server works; from both systems to the slave server fails.

Regards, Götz

On 01.04.10 21:57, Konrads Smelkovs wrote:
> Make sure that the client and the server can use the same suite of ciphers.
> --
> Konrads Smelkovs
> Applied IT sorcery.
>
>
> On Thu, Apr 1, 2010 at 3:34 PM, Götz Reinicke - IT-Koordinator
> <goetz.reini...@filmakademie.de>
> wrote:
>
> Hi,
>
> this drives me crazy for about two days:
>
> I do have two virtual Red Hat El 5.4 servers in a test environment. One
> should be an openldap master, the second should be an openldap slave.
>
> openssl-0.9.8e-12.el5_4.1, openldap-2.3.43-3.el5 (RH EL original rpms)
>
> I followed some instructions to set up TLS: Set up a CA, generate/sign
> certificates and keys, install them on the servers and configure
> openldap, restart.
>
> My problem is: tls works on the master (which also is my CA for the
> test), but not on the slave.
>
> I've "openssl verify"ed and "openssl x509 -text"ed the certs -
> everything seems o.k.
>
> I've checked ip addresses, name resolving, locations, paths,
> permissions, file versions - anything I can think of.
>
> I've regenerated the key and cert for the slave following another
> documentation (at least with the same steps), but always do get the same
> error:
>
> from the ldap server debug:
>
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS: can't accept.
> TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> s3_srvr.c:975
> connection_read(13): TLS accept failure error=-1 id=0, closing
>
> from the ldap client debug:
>
> TLS trace: SSL3 alert read:fatal:handshake failure
> TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
> TLS: can't connect.
> ldap_perror
> ldap_start_tls: Connect error (-11)
> additional info: error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
>
> Maybe I missed a step or still skipped something ...
>
> A thousand kowtows for any helping hint...!!
>
> Best regards,
>
> Götz

--
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart (district court), HRB 205016
Chair of the Supervisory Board:
Prof. Dr. Claudia Hübner
State Councillor for Demographic Change and Senior Citizens in the State Ministry

Managing Director:
Prof. Thomas Schadt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
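
One way to check the "same suite of ciphers" advice quoted above, as an added example that is not part of the original thread: expand the cipher string configured on each side and intersect the results. It assumes the two strings are taken from TLSCipherSuite in slapd.conf and TLS_CIPHER_SUITE in ldap.conf; the function names and the sample strings are constructed for illustration.

```python
import ssl

def expand(spec):
    """Suite names (below TLS 1.3) that an OpenSSL cipher string selects
    in the OpenSSL build this Python is linked against."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return []  # the string matches no suite at all in this build
    # TLS 1.3 suites are configured separately and may always be listed; drop them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def shared_ciphers(server_spec, client_spec):
    """Suites present in both expansions, in the server list's order."""
    offered = set(expand(client_spec))
    return [name for name in expand(server_spec) if name in offered]

def diagnose(server_spec, client_spec):
    """One-line verdict for a pair of cipher strings."""
    if not expand(server_spec):
        return "server cipher string selects nothing"
    if not expand(client_spec):
        return "client cipher string selects nothing"
    common = shared_ciphers(server_spec, client_spec)
    if not common:
        return "no shared cipher: the two lists are disjoint"
    return "shared: " + ", ".join(common)

if __name__ == "__main__":
    # Constructed sample values standing in for TLSCipherSuite (slapd.conf)
    # and TLS_CIPHER_SUITE (ldap.conf) on the two hosts.
    server_spec = "ECDHE-RSA-AES256-GCM-SHA384"
    client_spec = "ECDHE-RSA-AES128-GCM-SHA256"
    print(diagnose(server_spec, client_spec))      # disjoint lists
    print(diagnose("HIGH:!aNULL", client_spec))    # overlapping lists
```

The expansion uses the local OpenSSL build, so run it on each host or treat the result as approximate for the 0.9.8e packages in the thread. A non-empty intersection does not rule the error out: the server also drops suites whose authentication type it has no loaded certificate and key for.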