Upgrade of OpenSSL and OpenLDAP


During the upgrade of OpenSSL and OpenLDAP on Windows Server 2016 and 2019, from OpenSSL 1.1.1k and OpenLDAP 2.4.47 to OpenSSL 3.0.10 and OpenLDAP 2.5.16, an error has emerged. Despite validating the certificates and ensuring TLS protocol version 1.2 for communication with the LDAP server, the error persists. The connection to the LDAP server is established via the Windows API. Is there any recommended cipher suite for this migration?

Error Log:

TLS trace: SSL_accept:before SSL initialization
TLS trace: SSL_accept:SSLv3/TLS read client hello
TLS trace: SSL_accept:SSLv3/TLS write server hello
TLS trace: SSL_accept:SSLv3/TLS write certificate
TLS trace: SSL_accept:SSLv3/TLS write key exchange
TLS trace: SSL_accept:SSLv3/TLS write certificate request
tls_write: want=1800, written=1800
TLS trace: SSL_accept:SSLv3/TLS write server done
tls_read: want=5 error=Unknown error
TLS trace: SSL_accept:error in SSLv3/TLS write server done
daemon: activity on 1 descriptor
daemon: waked
daemon: WSselect: listen=2 active_threads=0 tvp=NULL
daemon: activity on 4 descriptors
daemon: activity on:656830b0.2bc5f387 000027C0  3r656830b0.2bc7812f 000027C0
daemon: read activity on 3
daemon: WSselect: listen=2 active_threads=0 tvp=NULL
connection_get(3)
connection_get(3): got connid=1000
connection_read(3): checking for input on id=1000
tls_read: want=5, got=0
TLS trace: SSL_accept:error in SSLv3/TLS write server done
TLS: can't accept: (unknown).
connection_read(3): TLS accept failure error=-1 id=1000, closing
connection_closing: readying conn=1000 sd=3 for close
daemon: activity on 1 descriptor
daemon: waked
daemon: WSselect: listen=2 active_threads=0 tvp=NULL
connection_close: conn=1000 sd=3
daemon: removing 3
conn=1000 fd=3 closed (TLS negotiation failure)

Registry entries:

[...\SCHANNEL\Protocols]
[...\SCHANNEL\Protocols\SSL 2.0]
[...\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
[...\SCHANNEL\Protocols\SSL 3.0]
[...\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[...\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault "=dword:00000001
[...\SCHANNEL\Protocols\TLS 1.0]
[...\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[...\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[...\SCHANNEL\Protocols\TLS 1.2]
[...\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[...\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[...\SCHANNEL\Protocols\TLS 1.3]
[...\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[...\SCHANNEL\Protocols\TLS 1.3\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

Slapd.conf file:

include D:/Test/schema/core.schema
include D:/Test/schema/test.schema
security ssf=256
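The trace above shows slapd sending its whole first flight (ServerHello, certificate, key exchange, certificate request, ServerHelloDone, 1800 bytes written) and then reading 0 bytes: the Windows client closed the socket rather than answering, so the refusal is on the Schannel side. The script below is an added diagnostic, not part of the original question or of OpenLDAP; it drives the same Schannel stack that wldap32 uses, but from .NET's SslStream, so it can print what the client offers and what a TLS 1.2-only handshake negotiates, or the exact validation error it hits. The host name ldap.example.test and port 636 are placeholders.

```powershell
# Added diagnostic (not from the original post). Assumes the LDAPS listener is
# reachable at ldap.example.test:636; both values are hypothetical.
param(
    [string]$LdapHost = 'ldap.example.test',
    [int]$Port = 636
)

# 1. Which TLS 1.2 suites does this Windows box (Schannel) actually offer?
#    slapd can only pick one of these; if TLSCipherSuite on the server
#    excludes all of them, the handshake cannot complete.
$clientSuites = Get-TlsCipherSuite |
    Where-Object { $_.Protocols -contains 0x0303 } |   # 0x0303 (771) = TLS 1.2
    Select-Object -ExpandProperty Name
"Client offers $($clientSuites.Count) TLS 1.2 cipher suites:"
$clientSuites | ForEach-Object { "  $_" }

# 2. Perform a TLS 1.2-only handshake and report what was negotiated.
#    The callback records the validation result instead of aborting, so the
#    negotiated parameters are visible even when the chain would be rejected.
$script:sslErrors = [System.Net.Security.SslPolicyErrors]::None
$validate = {
    param($sender, $cert, $chain, $errors)
    $script:sslErrors = $errors
    return $true   # diagnostic only: never do this in production code
}

$tcp = New-Object System.Net.Sockets.TcpClient($LdapHost, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validate)
    # No client certificate, TLS 1.2 only, revocation checking off so that an
    # unreachable CRL/OCSP endpoint does not mask a cipher or chain problem.
    $ssl.AuthenticateAsClient($LdapHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)

    "Protocol      : $($ssl.SslProtocol)"
    "Cipher        : $($ssl.CipherAlgorithm) ($($ssl.CipherStrength)-bit)"
    "Key exchange  : $($ssl.KeyExchangeAlgorithm) ($($ssl.KeyExchangeStrength)-bit)"
    "Hash          : $($ssl.HashAlgorithm)"
    "Server cert   : $($ssl.RemoteCertificate.Subject)"
    "Issuer        : $($ssl.RemoteCertificate.Issuer)"
    "Validation    : $script:sslErrors"
}
catch {
    "Handshake failed: $($_.Exception.GetBaseException().Message)"
    "Validation result seen before failure: $script:sslErrors"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
```

Two things to read off the output. If `Validation` is anything other than `None` (for example `RemoteCertificateChainErrors`), the Windows side is rejecting the server certificate chain and no cipher suite choice will help; fix the chain or the trust store. If the handshake succeeds, note the `CipherStrength`: the `security ssf=256` line in slapd.conf requires a 256-bit cipher (such as an AES-256 suite) before slapd will accept operations on the session, so a negotiated 128-bit suite will pass the handshake and then fail with a confidentiality error instead.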
