[Bug 1537762] Re: syncrepl does not work when using tls
Ian Gordon
ian.gordon at strath.ac.uk
Tue Jan 26 10:14:57 UTC 2016
Thanks for the pointers (I have no idea why I failed to find the gnutls26 bug yesterday when I looked)
bug 1533230 comment #12
(https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230/comments/12)
seems to be the same problem as I'm having.
Using the command:
gnutls-cli -p 636 ldaphost.domain.com --priority 'SECURE256:+SIGN-RSA-
SHA224:+SIGN-DSA-SHA224'
works but
gnutls-cli -p 636 ldaphost.domain.com --priority 'SECURE256'
does not work and gives an error of
*** Fatal error: The signature algorithm is not supported.
*** Handshake has failed
GnuTLS error: The signature algorithm is not supported.
Our slapd.conf file contained a
TLSCipherSuite SECURE256:-VERS-SSL3.0
which I think explains where syncrepl fails but ldapsearch still works
as it will use a SECURE128 cipher
I don't understand why I now need to add specific signature algorithms
to list now though?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1537762
Title:
syncrepl does not work when using tls
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1537762/+subscriptions
More information about the Ubuntu-server-bugs
mailing list