Bug 852339 - some TLS ciphers cannot be enabled
Summary: some TLS ciphers cannot be enabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap
Version: 6.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Jan Vcelak
QA Contact: David Spurek
URL:
Whiteboard:
Depends On: 852338
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-08-28 08:41 UTC by Jan Vcelak
Modified: 2015-03-02 05:27 UTC (History)
6 users (show)

Fixed In Version: openldap-2.4.23-29.el6
Doc Type: Bug Fix
Doc Text:
Cause: libldap with TLS configured and enabled. Consequence: Not all TLS ciphers supported by Mozilla NSS library can be used. Fix: Patch applied which adds all missing ciphers supported by Mozilla NSS library to the internal list of ciphers in libldap. Result: All ciphers supported by Mozilla NSS can be used for TLS in libldap.
Clone Of: 852338
Environment:
Last Closed: 2013-02-21 09:46:20 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0364 0 normal SHIPPED_LIVE openldap bug fix and enhancement update 2013-02-20 20:52:54 UTC

Description Jan Vcelak 2012-08-28 08:41:01 UTC
The same problem in RHEL (openldap-2.4.23-28.el6).

+++ This bug was initially created as a clone of Bug #852338 +++

Description of problem:

The list of ciphers in OpenLDAP with MozNSS backend is incomplete. Therefore, some ciphers cannot be enabled.


Version-Release number of selected component (if applicable):
openldap-2.4.32-2.fc17


How reproducible:
always


Steps to Reproduce:
1. LDAPTLS_CIPHER_SUITE=CAMELLIA ldapsearch -x ldaps://server
2.
3.

  
Actual results:
ldap_start_tls: Connect error (-11)


Expected results:
successfully connected


Additional info:

I already submitted a patch for this upstream:
http://www.openldap.org/its/index.cgi?findid=7367

Comment 5 Jan Vcelak 2012-09-25 16:10:24 UTC
Resolved in: openldap-2.4.23-29.el6

Comment 9 errata-xmlrpc 2013-02-21 09:46:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0364.html


Note You need to log in before you can comment on or make changes to this bug.