Good day all,
I am getting the following error on an openldap v2.3 server when attempting communication from an LDAP client:
------------------------
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS trace: SSL_accept:error in SSLv3 read client hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:974
------------------------
I only get this when connecting to openldap server from a client.
I do not get this error when I use the openssl client / server commands method. Output below:
Thanks for any help. -Josh
-----------------------------------------------------
openssl s_server -accept 1982 -cert /etc/openldap/cacerts/servercrt.pem -key /etc/openldap/cacerts/serverkey.pem

ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
--hidden-text--
--hidden-text--
--hidden-text--
-----END SSL SESSION PARAMETERS-----
Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is DHE-RSA-AES256-SHA
------------------------------------------------------
-------------------------------------------------------------------
openssl s_client -connect ldapurl.example.com:1982 -CAfile /path/to/cacert

CONNECTED(00000003)
depth=1 --hidden-text--
verify return:1
depth=0 --hidden-text--
verify return:1
---
Certificate chain
 0 s:/--hidden-text--
   i:/--hidden-text--
---
Server certificate
-----BEGIN CERTIFICATE-----
--hidden-text--
--hidden-text--
--hidden-text--
--hidden-text--
-----END CERTIFICATE-----
subject=/--hidden-text--
issuer=/--hidden-text--
---
No client certificate CA names sent
---
SSL handshake has read 1250 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: --hidden-text--
    Session-ID-ctx:
    Master-Key: --hidden-text--
    Key-Arg   : None
    Start Time: 1260195189
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
---------------------------------------------------------------------------------------------
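The post shows slapd answering every client hello with "no shared cipher" while openssl s_server, given the same certificate and key, negotiates DHE-RSA-AES256-SHA without trouble. One way a TLS server ends up with no usable cipher suite is that it never loaded the certificate/key pair it was configured with, for example because the key does not belong to the certificate or because the unprivileged account slapd switches to cannot read the files. The script below is an added diagnostic, not part of the original post or of OpenLDAP; it uses the certificate and key paths from the post, and the CA path placeholder, the service account name and the GNU su -s invocation are assumptions.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Checks the two things
# slapd needs before it can offer any RSA cipher suite: that the
# configured certificate and private key are a matching pair, and that
# the service account can read the TLS files. Paths are from the post;
# the CA path, the service account name and GNU su(1) are assumptions.
SERVER_CERT=/etc/openldap/cacerts/servercrt.pem
SERVER_KEY=/etc/openldap/cacerts/serverkey.pem
CA_FILE=/path/to/cacert        # placeholder taken from the post's s_client line
SLAPD_USER=ldap                # assumption: account slapd runs as after -u

# Print the RSA modulus of a certificate ("cert") or private key ("key");
# prints nothing if the file does not parse as that type.
modulus_of() {
    case "$1" in
        cert) openssl x509 -noout -modulus -in "$2" 2>/dev/null ;;
        key)  openssl rsa  -noout -modulus -in "$2" 2>/dev/null ;;
    esac
}

# Succeed only when both files parse and carry the same RSA modulus,
# i.e. the key really belongs to the certificate.
check_pair() {
    c=$(modulus_of cert "$1")
    k=$(modulus_of key "$2")
    [ -n "$c" ] && [ -n "$k" ] && [ "$c" = "$k" ]
}

# Succeed when every file exists and, if we are root, is readable by the
# unprivileged account slapd switches to (GNU su -s; assumption).
check_readable() {
    user=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f"; return 1; }
        if [ "$(id -u)" -eq 0 ]; then
            su -s /bin/sh "$user" -c "test -r '$f'" \
                || { echo "not readable by $user: $f"; return 1; }
        fi
    done
}

if [ "${1:-}" = "run" ]; then   # usage: sh check_slapd_tls.sh run
    check_pair "$SERVER_CERT" "$SERVER_KEY" && echo "certificate and key match" \
        || echo "certificate/key mismatch or unparseable file"
    check_readable "$SLAPD_USER" "$CA_FILE" "$SERVER_CERT" "$SERVER_KEY" \
        && echo "TLS files readable by $SLAPD_USER"
fi
```

Run it as root on the LDAP server so the readability check can switch to the service account; a mismatch or an unreadable key is reported before slapd is restarted.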