Full_Name: Quanah Gibson-Mount Version: 2.4.17 OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.29.239)

Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256

OpenLDAP+gnutls worked fine for me for more than a year, but now I have TLS problems again. It started on my unstable client when libnss-ldap reported:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1

Then I upgraded gnutls and ldap on my server from lenny to unstable and now even slapd doesn't start:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1. main: TLS init def ctx failed: -1

If I comment out line which defines cipher:

TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1

it works again.

$ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1 TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0

...so I don't see why it shouldn't work.