On Oct 2, 2013, at 20.16, Axel Grosse agrosse@axway.com wrote:
Hi ben, thanks for the comment. agree with you on TLS usage should be perferred but the client that is connecting is only capable of LDAPS ... he has not implemented TLS Client jet .
But can you please take a look to the error I am facing
openssl s_client -connect 192.168.30.169:389 -showcerts -CAfile ./ssl/VordelCA.crt CONNECTED(00000003) 710:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
any idea what can cause this ?
if you have a client that is only capable of ldaps, then you should be connecting to port 636, the ldaps port. under nominal circumstances, you cannot do ldaps via port 389. to make use of encryption and use port 389, you need to use starttls [not ldaps], which for s_client means using the -starttls option [but s_client does not do starttls for ldap anyway].
-ben