I am having trouble accessing my openldap server over SSL using an iPhone/iPad/iPod Touch using ios 4.2.1. If I check the SSL box in the client setup on the iPhone/iPad/iPod Touch I get an error in the slapd log -- TLS negotiation Failure. With logging level 9 I get TLS accept failure error=-1 id=1.
Other clients work fine over SSL/StartTLS. Outlook, addressbook in osX 10.6, jxplorer.
I am using openldap 2.4.19-15 on RHEL6 with a comodo wildcard SSL cert.
Chris Jackson
On 21/02/11 20:25, Chris Jackson wrote:
I am having trouble accessing my openldap server over SSL using an iPhone/iPad/iPod Touch using ios 4.2.1. If I check the SSL box in the client setup on the iPhone/iPad/iPod Touch I get an error in the slapd log -- TLS negotiation Failure. With logging level 9 I get TLS accept failure error=-1 id=1.
Other clients work fine over SSL/StartTLS. Outlook, addressbook in osX 10.6, jxplorer.
I am using openldap 2.4.19-15 on RHEL6 with a comodo wildcard SSL cert.
FWIW we had a similar problem here with our mail server accepting IMAPS connections fine from everything except iPhones.
After some experimentation, I eventually found out it was because I had generated our new SSL keys with "openssl gendsa" and it seems that for some reason known only to Apple, only RSA keys as opposed to DSA keys are supported in their iPhone TLS/SSL implementation. Regenerating a new key with "openssl genrsa" instead and using that to sign the server SSL certificate instead solved the problem and allowed the iPhones to connect.
HTH,
Mark.
openldap-technical@openldap.org
-
Chris Jackson -
Mark Cave-Ayland