https://bugs.openldap.org/show_bug.cgi?id=10094
Issue ID: 10094
Summary: When only TLSv1.3 ciphers are set, the TLS connection does not work
Product: OpenLDAP
Version: 2.5.12
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: nikigen68@gmail.com
Target Milestone: ---
The configuration with only TLSv1.3 ciphers does not work.

/etc/openldap/ldap.conf
...
TLS_CIPHER_SUITE TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256
TLS_PROTOCOL_MIN 3.4

The configuration works only if at least one TLSv1.2 cipher suite is added. Then a TLSv1.3 cipher is negotiated with the server.
Is there a known issue?
--- Comment #1 from nikigen68@gmail.com --- Created attachment 977 --> https://bugs.openldap.org/attachment.cgi?id=977&action=edit Wireshark image of the TLS connection
An SSL Continuation Data message is seen instead of a Client Hello.
--- Comment #2 from nikigen68@gmail.com --- Could be related to already solved issue: https://bugs.openldap.org/show_bug.cgi?id=10035
Quanah Gibson-Mount quanah@openldap.org changed:
What       | Removed      | Added
Resolution | ---          | FEEDBACK
Status     | UNCONFIRMED  | RESOLVED
Keywords   | needs_review |
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- Can you confirm that the fix for #10035 resolves the issue?
--- Comment #4 from nikigen68@gmail.com --- The issue is still seen on 2.5.16.
Howard Chu hyc@openldap.org changed:
What           | Removed  | Added
Ever confirmed | 0        | 1
Resolution     | FEEDBACK | ---
Status         | RESOLVED | CONFIRMED
--- Comment #5 from Howard Chu hyc@openldap.org --- I've reproduced this issue. Will work up a fix.
Howard Chu hyc@openldap.org changed:
What   | Removed   | Added
Status | CONFIRMED | IN_PROGRESS
--- Comment #6 from Howard Chu hyc@openldap.org --- Fix in https://git.openldap.org/openldap/openldap/-/merge_requests/654
Please test, thanks.
Quanah Gibson-Mount quanah@openldap.org changed:
What             | Removed           | Added
Assignee         | bugs@openldap.org | hyc@openldap.org
Target Milestone | ---               | 2.5.17
--- Comment #7 from nikigen68@gmail.com --- With the fix everything seems fine when only TLSv1.3 ciphers are used, but the problem is when TLSv1.2 ciphers are there. It seems that all supported TLSv1.2 ciphers are in the list even though only a few of them are in the configuration file.

For example:

# cat /etc/openldap/ldap.conf
# This configuration file is generated by semc
REFERRALS no
TIMEOUT 3
TLS_CIPHER_SUITE ECDHE-ECDSA-AES256-GCM-SHA384:TLS_AES_128_GCM_SHA256
TLS_PROTOCOL_MIN 3.3

# see the attached cipher_list picture for the Wireshark output
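The two behaviours reported in this thread (a TLSv1.3-only TLS_CIPHER_SUITE being rejected outright, and the first fix leaving every default TLSv1.2 cipher in the ClientHello when only one was configured) both come from OpenSSL keeping two separate cipher lists: SSL_CTX_set_cipher_list() for TLSv1.2 and earlier, and SSL_CTX_set_ciphersuites() for the TLSv1.3 suites. The script below is an added example, not code from OpenLDAP or from the MR linked above. It uses Python's ssl module, whose SSLContext.set_ciphers() wraps SSL_CTX_set_cipher_list(), to reproduce both symptoms with the two ldap.conf specs posted here. Its assumptions: TLSv1.3 suites are identified by the IANA "TLS_" name prefix (no legacy OpenSSL cipher name or alias starts with it), the TLS_PROTOCOL_MIN table follows the 3.x numbering of ldap.conf(5), and, since Python exposes no binding for SSL_CTX_set_ciphersuites(), the TLSv1.3 half is split out and returned rather than applied. The "SSL Continuation Data" packet from the capture is not reproduced; only the cipher-list outcome is.

```python
# Added example for ITS#10094; not OpenLDAP's code. Uses Python's ssl module, whose
# SSLContext.set_ciphers() is OpenSSL's SSL_CTX_set_cipher_list() (TLSv1.2 and older).
# Python has no binding for SSL_CTX_set_ciphersuites(), the separate TLSv1.3 list,
# so the TLSv1.3 half is split out and reported here, not applied.
import ssl

# The two TLS_CIPHER_SUITE values posted in this thread.
TLS13_ONLY_SPEC = ("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
                   "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256")
MIXED_SPEC = "ECDHE-ECDSA-AES256-GCM-SHA384:TLS_AES_128_GCM_SHA256"

# TLS_PROTOCOL_MIN uses SSL record-layer numbering (assumption from ldap.conf(5)):
# 3.3 is TLSv1.2 and 3.4 is TLSv1.3, the two values used in this thread.
PROTOCOL_MIN = {
    "3.1": ssl.TLSVersion.TLSv1,
    "3.2": ssl.TLSVersion.TLSv1_1,
    "3.3": ssl.TLSVersion.TLSv1_2,
    "3.4": ssl.TLSVersion.TLSv1_3,
}


def split_cipher_spec(spec):
    """Partition a TLS_CIPHER_SUITE string into (tls13_suites, legacy_ciphers).

    OpenSSL needs the TLSv1.3 suites (IANA names, all "TLS_...") via
    SSL_CTX_set_ciphersuites() and everything older via SSL_CTX_set_cipher_list().
    Classifying by the "TLS_" prefix is this example's assumption; legacy OpenSSL
    cipher names and aliases (ECDHE-..., HIGH, TLSv1.2, !aNULL, @SECLEVEL=) never use it.
    """
    tls13, legacy = [], []
    for name in spec.split(":"):
        if not name:
            continue
        (tls13 if name.startswith("TLS_") else legacy).append(name)
    return tls13, legacy


def single_call_rejected(spec):
    """The original failure: hand the whole spec to the legacy setter in one call.

    SSL_CTX_set_cipher_list() silently ignores names it does not know (the TLS_
    suites) and fails with "no cipher match" if nothing is left. That is why a
    TLSv1.3-only spec was rejected and adding one TLSv1.2 cipher made it "work".
    Returns True if OpenSSL rejected the spec.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return True
    return False


def build_context(spec, protocol_min="3.3", apply_legacy_half=True):
    """Configure a client context the way OpenSSL's two lists require.

    apply_legacy_half=False reproduces the regression from comment #7: only the
    TLSv1.3 half is handled, the legacy list keeps OpenSSL's default, and every
    supported TLSv1.2 cipher is still offered in the ClientHello.
    Returns (context, tls13_suites_that_would_go_to_SSL_CTX_set_ciphersuites).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = PROTOCOL_MIN[protocol_min]
    tls13, legacy = split_cipher_spec(spec)
    if apply_legacy_half and legacy:
        ctx.set_ciphers(":".join(legacy))   # SSL_CTX_set_cipher_list() with the legacy half only
    return ctx, tls13


def offered_legacy_ciphers(ctx):
    """Pre-TLSv1.3 cipher names this context would offer, in OpenSSL's order.

    This is the list the reporter read out of the Wireshark ClientHello.
    """
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def offered_tls13_suites(ctx):
    """TLSv1.3 suite names this context would offer (OpenSSL's default set here)."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.3"]


if __name__ == "__main__":
    print("TLSv1.3-only spec rejected by one set_cipher_list call:",
          single_call_rejected(TLS13_ONLY_SPEC))
    print("mixed spec rejected:", single_call_rejected(MIXED_SPEC))
    fixed, tls13 = build_context(MIXED_SPEC)
    print("TLSv1.3 half to hand to SSL_CTX_set_ciphersuites():", tls13)
    print("legacy ciphers offered after the split:", offered_legacy_ciphers(fixed))
    broken, _ = build_context(MIXED_SPEC, apply_legacy_half=False)
    print("legacy ciphers offered when the legacy half is skipped:",
          len(offered_legacy_ciphers(broken)))
```

Run it against any OpenSSL 1.1.1 or 3.x build of Python: the TLSv1.3-only spec is rejected by the single call while the mixed spec is accepted, and after the split the legacy list offered is exactly ECDHE-ECDSA-AES256-GCM-SHA384, whereas skipping the legacy half leaves dozens of default ciphers in it. A C implementation against libssl would make the same split and additionally call SSL_CTX_set_ciphersuites() with the first half; checking the return value of both calls is what turns a silent "no cipher match" into a configuration error.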
--- Comment #8 from nikigen68@gmail.com --- Created attachment 986 --> https://bugs.openldap.org/attachment.cgi?id=986&action=edit Only one TLSv1.2 and one TLSv1.3 cipher are set, while in Wireshark we can see all supported TLSv1.2 ciphers
--- Comment #9 from Howard Chu hyc@openldap.org --- Thanks, MR updated. Please try again.
--- Comment #10 from nikigen68@gmail.com --- Thanks. It works!
Quanah Gibson-Mount quanah@openldap.org changed:
What       | Removed     | Added
Resolution | ---         | TEST
Status     | IN_PROGRESS | RESOLVED
--- Comment #11 from Quanah Gibson-Mount quanah@openldap.org --- head:
• 8c482cec by Howard Chu at 2023-10-20T16:33:02+00:00 ITS#10094 libldap/OpenSSL: fix setting ciphersuites
Quanah Gibson-Mount quanah@openldap.org changed:
What       | Removed | Added
Resolution | TEST    | FIXED
--- Comment #12 from Quanah Gibson-Mount quanah@openldap.org --- RE26:
• 70be1f17 by Howard Chu at 2024-01-11T21:55:59+00:00 ITS#10094 libldap/OpenSSL: fix setting ciphersuites
RE25:
• a15bef27 by Howard Chu at 2024-01-11T21:56:45+00:00 ITS#10094 libldap/OpenSSL: fix setting ciphersuites
Quanah Gibson-Mount quanah@openldap.org changed:
What   | Removed  | Added
Status | RESOLVED | VERIFIED