goodgoingswati@gmail.com wrote:
Full_Name: Swati
Version: 2.4.32
OS: RHEL5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (115.113.153.34)

OpenLDAP is not supporting CAMELLIA based ciphers (both RSA and DSA based). I have configured SSL LDAP (LDAPS), and checking the SSL connection to the LDAPS server with a CAMELLIA based cipher leads to a failure in the handshake:
OpenLDAP doesn't implement any ciphers at all; the ciphers are provided by whichever TLS implementation you're using. Closing this ITS.
openssl s_client -connect localhost:636 -showcerts -cipher DHE-DSS-CAMELLIA256-SHA -state -CAfile /path_to_cert -cert /path_to_client_cert -key /path_to_client_key
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
47726707455072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 102 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
Handshake is failing with all camellia ciphers.
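
The reply above says the cipher suites come from the TLS implementation rather than from OpenLDAP. As an added example (not part of the original thread), this asks a local TLS library which suites it provides for a given OpenSSL cipher string. The function names `offered` and `report` are hypothetical, and it assumes Python's `ssl` module, which reports on the OpenSSL that Python is linked against; that may be a different build from the one slapd uses.

```python
import ssl


def offered(selector):
    """Return the pre-TLS 1.3 suite names the local TLS library enables for an
    OpenSSL cipher string, or [] when the library matches nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(selector)
    except ssl.SSLError:
        # Raised when the library has no suite at all for this cipher string.
        return []
    # TLS 1.3 suites are configured separately and stay listed whatever the
    # selector is, so they are dropped from the answer.
    return [c["name"] for c in ctx.get_ciphers()
            if c.get("protocol") != "TLSv1.3"]


def report(suites):
    """Map each exact suite name to True if this TLS library provides it."""
    return {name: name in offered(name) for name in suites}


if __name__ == "__main__":
    # The library version matters: suite availability is a build property.
    print("TLS library:", ssl.OPENSSL_VERSION)

    camellia = offered("CAMELLIA")
    print("Camellia suites provided:", len(camellia))
    for name in camellia:
        print("  ", name)

    # The suite requested with -cipher in the s_client command above.
    for name, present in report(["DHE-DSS-CAMELLIA256-SHA"]).items():
        print(name, "->", "provided" if present else "not provided")
```
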