Hello,
I am using:
  openssl version - 1.1.1d
  Slapd version - 2.4.47
I have compiled slapd against this openssl to use the support of TLSv1.3. The path is /opt/openssl/bin/openssl
Now, I have a doubt. When I run the below command I get the expected output:

    /opt/openssl/bin/openssl s_client -connect localhost:636

But when I run /opt/openssl/bin/openssl s_client -connect localhost:389, I get the output as below:

    root@xxxxxxxxx# /opt/openssl/bin/openssl s_client -connect localhost:389
    CONNECTED(00000003)
    write:errno=0
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 293 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---

+++++++++++++++++++++++++++++++++++++++++++++++++++++
Is this correct? I mean I don't face any issues, but the output does not show the Protocol used.
++++++
As for the present openssl, I get the below output where it shows the protocol used.

    root@cxxxxxxxxxxxx# openssl s_client -connect localhost:389
    CONNECTED(00000003)
    write:errno=0
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 176 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1600959876
        Timeout : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no
    ---

So I am wondering if I am missing anything, or is it fine?
--On Thursday, September 24, 2020 9:51 PM +0530 Shaheena Kazi shaheena.kazi@gmail.com wrote:
> But when I run /opt/openssl/bin/openssl s_client -connect localhost:389, I
> get the output as below:
> root@xxxxxxxxx# /opt/openssl/bin/openssl s_client -connect localhost:389
You have to issue an LDAP startTLS, which you failed to do.
I.e.,
openssl s_client -connect localhost:389 -starttls ldap
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
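
Added example, not part of the original thread: what `-starttls ldap` does on port 389 before any TLS record is sent, following the LDAPMessage framing in RFC 4511. It builds the plaintext StartTLS extended request and reads the result code from the server's reply; the response bytes are constructed samples and the function names are this example's own.

```python
# Added example (not from the thread): LDAP StartTLS framing per RFC 4511.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation

def ber(tag: int, body: bytes) -> bytes:
    """Encode one BER TLV; short-form length only (body under 128 bytes)."""
    if len(body) >= 128:
        raise ValueError("long-form length not needed for this example")
    return bytes([tag, len(body)]) + body

def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    if not 0 < msg_id < 128:
        raise ValueError("example encodes single-byte message IDs only")
    ext_req = ber(0x77, ber(0x80, STARTTLS_OID))
    return ber(0x30, ber(0x02, bytes([msg_id])) + ext_req)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the short-form TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV body")
    return tag, buf[pos + 2:end], end

def starttls_result(resp: bytes) -> int:
    """Return resultCode of an ExtendedResponse; 0 means TLS may start now."""
    tag, msg, _ = read_tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (expected SEQUENCE tag 0x30)")
    tag, _msg_id, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("messageID missing")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse [APPLICATION 24]")
    tag, code, _ = read_tlv(op, 0)
    if tag != 0x0A or len(code) != 1:
        raise ValueError("resultCode missing")
    return code[0]

# Constructed samples: a success reply, a protocolError (2) reply, and the
# first bytes of a TLS handshake record, which starts with 0x16 rather than 0x30.
SAMPLE_SUCCESS = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")
TLS_RECORD_PREFIX = bytes.fromhex("1603010200")

if __name__ == "__main__":
    print("request :", starttls_request().hex())
    print("result  :", starttls_result(SAMPLE_SUCCESS))
```

Only after a result code of 0 does the client begin the TLS handshake on the same connection; on port 636 the handshake starts immediately with no LDAP exchange first.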
--On Thursday, September 24, 2020 9:51 PM +0530 Shaheena Kazi shaheena.kazi@gmail.com wrote:
> Hello,
> I am using openssl - 1.1.1d Slapd Version - 2.4.47
Also, if you are building slapd, why are you using a release that's nearly 2 years old instead of the current release?
--Quanah
openldap-technical@openldap.org