Full_Name: Quanah Gibson-Mount
Version: 2.4.17
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)

Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256
OpenLDAP+gnutls worked fine for me for more than a year, but now I have TLS problems again. It started on my unstable client when libnss-ldap reported:
TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Then I upgraded gnutls and ldap on my server from lenny to unstable and now even slapd doesn't start:
TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
main: TLS init def ctx failed: -1
If I comment out the line which defines the cipher:
TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1
it works again.
$ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
...so I don't see why it shouldn't work.