Re: TLSVerifyClient => no login possible

Dieter Kluenter schrieb: Hi Dieter, I get the following output: lmvserver:~ #openssl ciphers SSLv2 DES-CBC3-MD5:DES-CBC-MD5:EXP-RC2-CBC-MD5:RC2-CBC-MD5:EXP-RC4-MD5:RC4-MD5 lmvserver:~ # openssl ciphers MEDIUM ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5 lmvserver:~ # openssl ciphers HIGH ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:ADH-CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5 So I think, this should work?! SSLv3 is also available. Is it better to use "TLSCipherSuite HIGH:MEDIUM:+SSLv3"? Oh, I had not posted the solution of my major problem: I mixed ip's and host names (in /etc/ldap.conf I used ip's and in certificates host names). Due to the comment in /etc/ldap.conf "the LDAP- Server must be resolveable without ldap" I thought that it is better to use the ip of our server. Also, I used as common name instead of servers host name the client name (in every client cert the according client host name). So this could not work......I was a little bit confused of configuring multiple ldap.conf- file, but thanks to Dieter the server is up and running. -- Mit freundlichen Grüßen Sebastian Reinhardt