Correct. The workaround to avoid the crash is to use a strictly valid GnuTLS cipher suite string, for example "NORMAL" or "SECURE128" or "SECURE192" or "SECURE256".
In those rare cases where those existing defaults are not acceptable (due to security concerns, for example), the minimal "search.c" program I attached to #4 can be used to try to find a valid cipher suite string, connecting to an LDAP server (using ldap:// URI, and StartTLS). It also reports the cipher, mac, and kx achieved when the StartTLS is successful. I'll see if I can report this upstream to openldap.org, too. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1103353 Title: Invalid GnuTLS cipher suite strings causes libldap to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
