Re: (ITS#6251) GnuTLS cipher suite failure - openldap-bugs

12 Aug 2009


      quanah@zimbra.com wrote:
...
Full_Name: Quanah Gibson-Mount
Version: 2.4.17
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)
Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256
OpenLDAP+gnutls worked fine for me for more than a year, but now I have
TLS problems again. It started on my unstable client when libnss-ldap
reported:
TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Then I upgraded gnutls and ldap on my server from lenny to unstable and
now even slapd doesn't start:
TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
main: TLS init def ctx failed: -1
If I comment out line which defines cipher:
TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1
it works again.
$ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA1     0x00, 0x35      SSL3.0
...so I don't see why it shouldn't work.
This appears to be caused by our switch to using GnuTLS's cipher suite parsing 
functions in 2.4.14 (due to ITS#5887). The syntax that GnuTLS uses is quite 
different from what we were using in 2.4.13 and earlier. Also, the GnuTLS 
documentation on their format is misleading and just plain wrong on several 
points.
We can treat this as an OpenLDAP doc bug, or we can revert to the pre-ITS#5887 
behavior, which still works as expected. (But then we will be incompatible 
with the behavior described in the current GnuTLS documentation. But of 
course, the doc is wrong anyway.)
For reference, the GnuTLS doc says you can list suite names in a semicolon 
separated list, and they may optionally be prefixed with "+" or "-" to add or 
remove particular elements from the list.
In fact, the list must be colon separated, and the "+" is required. Just 
listing the name will cause an error. Also, the actual suite names cannot be 
used, only the individual algorithm names are recognized. So instead of the 
suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1". 
This method is more error-prone, because it makes it possible to specify a 
list of algorithms that do not conform to any valid suite.
All in all, it may be best to revert back to using our own suite parser and 
ignore the one GnuTLS provides.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/