Bug#462588: [Pkg-openldap-devel] Bug#462588: Same problem

2008-01-26 Thread T.A. van Roermund

Quanah Gibson-Mount wrote:
> Have you verified whether or not you can connect using LDAPS via the
> command line tools? (ldapsearch, ldapwhoami, etc).


Yes I did:

$ ldapsearch -H ldaps://localhost:636/ -X cn=admin
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

The relevant line in /etc/default/slapd:
SLAPD_SERVICES=ldap://127.0.0.1:389/ ldaps:///

And the relevant lines in /etc/ldap/slapd.conf:
TLSCertificateFile /etc/ssl/private/mykey.crt
TLSCertificateKeyFile /etc/ssl/private/mykey.key

# original cipher suite string
#TLSCipherSuite HIGH:-SSLv2:-RSA
# cipher suite string as used before with OpenSSL
#TLSCipherSuite HIGH:MEDIUM:-SSLv2
# all cipher suites as currently supported by gnutls,
# constructed using command:
#   gnutls-cli -l | grep -E ^TLS | cut -d\  -f1 | xargs echo
	TLSCipherSuite TLS_ANON_DH_ARCFOUR_MD5 TLS_ANON_DH_3DES_EDE_CBC_SHA1 
TLS_ANON_DH_AES_128_CBC_SHA1 TLS_ANON_DH_AES_256_CBC_SHA1 
TLS_PSK_SHA_ARCFOUR_SHA1 TLS_PSK_SHA_3DES_EDE_CBC_SHA1 
TLS_PSK_SHA_AES_128_CBC_SHA1 TLS_PSK_SHA_AES_256_CBC_SHA1 
TLS_DHE_PSK_SHA_ARCFOUR_SHA1 TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 
TLS_SRP_SHA_3DES_EDE_CBC_SHA1 TLS_SRP_SHA_AES_128_CBC_SHA1 
TLS_SRP_SHA_AES_256_CBC_SHA1 TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 TLS_DHE_DSS_ARCFOUR_SHA1 
TLS_DHE_DSS_3DES_EDE_CBC_SHA1 TLS_DHE_DSS_AES_128_CBC_SHA1 
TLS_DHE_DSS_AES_256_CBC_SHA1 TLS_DHE_RSA_3DES_EDE_CBC_SHA1 
TLS_DHE_RSA_AES_128_CBC_SHA1 TLS_DHE_RSA_AES_256_CBC_SHA1 
TLS_RSA_NULL_MD5 TLS_RSA_EXPORT_ARCFOUR_40_MD5 TLS_RSA_ARCFOUR_SHA1 
TLS_RSA_ARCFOUR_MD5 TLS_RSA_3DES_EDE_CBC_SHA1 TLS_RSA_AES_128_CBC_SHA1 
TLS_RSA_AES_256_CBC_SHA1



Before, using OpenSSL, everything worked perfectly. Now, LDAPS is
completely broken.

Regards,

Timo




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
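Added example (not part of the original message, nor OpenLDAP or Debian code): a Python audit of a `TLSCipherSuite` directive like the one quoted above, flagging the anonymous, NULL, export-grade, RC4 and MD5 suites that a full `gnutls-cli -l` list brings in. The sample config is constructed from suite names in the message; the function names are hypothetical, and continuation handling follows slapd.conf(5), which unwraps lines starting with whitespace before comment processing.

```python
import re

# Constructed sample in slapd.conf syntax; suite names come from the message above.
SAMPLE_CONF = """\
TLSCertificateFile /etc/ssl/private/mykey.crt
TLSCipherSuite TLS_ANON_DH_AES_128_CBC_SHA1 TLS_RSA_NULL_MD5
 TLS_RSA_EXPORT_ARCFOUR_40_MD5 TLS_RSA_ARCFOUR_SHA1
 TLS_DHE_RSA_AES_256_CBC_SHA1 TLS_RSA_AES_128_CBC_SHA1
"""

# (reason, pattern) pairs checked in order; the first match is reported.
WEAK = [
    ("anonymous key exchange (no server authentication)", re.compile(r"_ANON_")),
    ("NULL cipher (no encryption)", re.compile(r"_NULL_")),
    ("export-grade key length", re.compile(r"_EXPORT_")),
    ("RC4 stream cipher", re.compile(r"_ARCFOUR_")),
    ("MD5 MAC", re.compile(r"_MD5$")),
]

def logical_lines(text):
    """Unwrap continuation lines first, then drop comments and blank lines."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            # Leading whitespace continues the previous line, even a comment.
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.rstrip())
    return [l for l in joined if l.strip() and not l.startswith("#")]

def cipher_suites(text):
    """Return every suite named on TLSCipherSuite directives."""
    suites = []
    for line in logical_lines(text):
        parts = line.split()
        if parts[0].lower() == "tlsciphersuite":
            suites.extend(parts[1:])
    return suites

def audit(text):
    """Map each weak suite to the reason it was flagged."""
    findings = {}
    for suite in cipher_suites(text):
        for reason, pattern in WEAK:
            if pattern.search(suite):
                findings[suite] = reason
                break
    return findings

if __name__ == "__main__":
    for suite, reason in audit(SAMPLE_CONF).items():
        print(f"{suite}: {reason}")
```
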



Bug#462588: [Pkg-openldap-devel] Bug#462588: Same problem

2008-01-25 Thread Quanah Gibson-Mount
--On Saturday, January 26, 2008 1:01 AM +0100 T.A. van Roermund 
[EMAIL PROTECTED] wrote:



> Hi,
>
> I have the same problem. Following your suggestion, I listed all the
> cipher suites using gnutls-cli -l and tried all of them. Now, slapd
> does start, but still Thunderbird cannot connect to the daemon, no
> matter which cipher suite was selected.


Have you verified whether or not you can connect using LDAPS via the 
command line tools? (ldapsearch, ldapwhoami, etc).


--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra ::  the leader in open source messaging and collaboration


