Debian Bug report logs - #648056
Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1

version graph

Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap.

Reported by: Christophe Ségui <christophe.segui@math.univ-toulouse.fr>

Date: Tue, 8 Nov 2011 17:27:01 UTC

Severity: normal

Found in version openldap/2.4.23-7.2

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#648056; Package slapd. (Tue, 08 Nov 2011 17:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christophe Ségui <christophe.segui@math.univ-toulouse.fr>:
New Bug report received and forwarded. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Tue, 08 Nov 2011 17:27:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christophe Ségui <christophe.segui@math.univ-toulouse.fr>
To: submit@bugs.debian.org
Subject: Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1
Date: Tue, 8 Nov 2011 18:12:18 +0100
[Message part 1 (text/plain, inline)]
Package: slapd
Version: 2.4.23-7.2


Openldap refuses to use cipher TLS_RSA_3DES_EDE_CBC_SHA1 when the cipher is available to the system.

 Here is the output of gnutls-cli:

ldap3:/etc/ldap# gnutls-cli -l | grep TLS_RSA_3DES_EDE_CBC_SHA1
TLS_RSA_3DES_EDE_CBC_SHA1                         	0x00, 0x0a	SSL3.0


and gnutls-serv

ldap3:/etc/ldap# gnutls-serv -l | grep TLS_RSA_3DES_EDE_CBC_SHA1
TLS_RSA_3DES_EDE_CBC_SHA1                         	0x00, 0x0a	SSL3.0



and openldap refuses to start when this cipher is used (and only this one) :

ldap3:/etc/ldap# /usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -g openldap -u openldap -d9

[…]
TLS: could not set cipher list TLS_RSA_3DES_EDE_CBC_SHA1.
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
syncinfo_free: rid=124
slapd stopped.
connections_destroy: nothing to destroy.



Here is the TLS relevant part of slapd.conf:

TLSCertificateFile /etc/ldap/ldap3.math.ups-tlse.fr.pem
TLSCertificateKeyFile /etc/ldap/ldap3.math.ups-tlse.fr.key
TLSCACertificateFile /etc/ldap/CNRS2-Standard.crt.full.tls
TLSCipherSuite TLS_RSA_3DES_EDE_CBC_SHA1



Here are the version of libldap, libgnutls26:

ii  libgnutls26           2.8.6-1               the GNU TLS library - runtime library
ii  libldap-2.4-2         2.4.23-7.2            OpenLDAP libraries



Best Regards,
_______________________________________

Christophe Ségui
Responsable de Service
Service Informatique
Institut de Mathématiques de Toulouse - UMR 5219
Université de Toulouse, CNRS


UNIVERSITE PAUL SABATIER
BAT 1R3 bur 221
118 Route de Narbonne
31062 Toulouse Cedex 9 

tel : 05.61.55.63.78	fax :05.61.55.75.99
_______________________________________

Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr





[Message part 2 (text/html, inline)]
[smime.p7s (application/pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#648056; Package slapd. (Fri, 18 Nov 2011 07:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christophe Ségui <christophe.segui@math.univ-toulouse.fr>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Fri, 18 Nov 2011 07:51:03 GMT) Full text and rfc822 format available.

Message #10 received at 648056@bugs.debian.org (full text, mbox):

From: Christophe Ségui <christophe.segui@math.univ-toulouse.fr>
To: 648056@bugs.debian.org
Subject: Re: Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1)
Date: Fri, 18 Nov 2011 08:41:24 +0100
[Message part 1 (text/plain, inline)]
Hi,

any update on this ?

Regards,

Le 8 nov. 2011 à 18:27, Debian Bug Tracking System a écrit :

> Thank you for filing a new Bug report with Debian.
> 
> This is an automatically generated reply to let you know your message
> has been received.
> 
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
> 
> Your message has been sent to the package maintainer(s):
> Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
> 
> If you wish to submit further information on this problem, please
> send it to 648056@bugs.debian.org.
> 
> Please do not send mail to owner@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
> 
> -- 
> 648056: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648056
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems

_______________________________________

Christophe Ségui
Responsable de Service
Service Informatique
Institut de Mathématiques de Toulouse - UMR 5219
Université de Toulouse, CNRS


UNIVERSITE PAUL SABATIER
BAT 1R3 bur 221
118 Route de Narbonne
31062 Toulouse Cedex 9 

tel : 05.61.55.63.78	fax :05.61.55.75.99
_______________________________________

Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr





[Message part 2 (text/html, inline)]
[smime.p7s (application/pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#648056; Package slapd. (Wed, 23 Nov 2011 04:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 23 Nov 2011 04:03:03 GMT) Full text and rfc822 format available.

Message #15 received at 648056@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: Christophe Ségui <christophe.segui@math.univ-toulouse.fr>, 648056@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1)
Date: Tue, 22 Nov 2011 19:52:00 -0800
--On Friday, November 18, 2011 8:41 AM +0100 Christophe Ségui 
<christophe.segui@math.univ-toulouse.fr> wrote:

> Hi,
>
>
> any update on this ?

I've filed an upstream bug for this:

<https://www.openldap.org/its/private.cgi/?findid=7094>

As that is likely the correct location for getting it fixed.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#648056; Package slapd. (Thu, 19 Jan 2012 10:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christophe Ségui <christophe.segui@math.univ-toulouse.fr>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 19 Jan 2012 10:57:06 GMT) Full text and rfc822 format available.

Message #20 received at 648056@bugs.debian.org (full text, mbox):

From: Christophe Ségui <christophe.segui@math.univ-toulouse.fr>
To: 648056@bugs.debian.org
Subject: Re: Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1)
Date: Thu, 19 Jan 2012 11:44:49 +0100
[Message part 1 (text/plain, inline)]
Still nothing ? Nobody's care about support of TLS_RSA_3DES_EDE_CBC_SHA1 in openldap/gnutls environment ?

Regards,

Le 18 nov. 2011 à 08:41, Christophe Ségui a écrit :

> Hi,
> 
> any update on this ?
> 
> Regards,
> 
> Le 8 nov. 2011 à 18:27, Debian Bug Tracking System a écrit :
> 
>> Thank you for filing a new Bug report with Debian.
>> 
>> This is an automatically generated reply to let you know your message
>> has been received.
>> 
>> Your message is being forwarded to the package maintainers and other
>> interested parties for their attention; they will reply in due course.
>> 
>> Your message has been sent to the package maintainer(s):
>> Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
>> 
>> If you wish to submit further information on this problem, please
>> send it to 648056@bugs.debian.org.
>> 
>> Please do not send mail to owner@bugs.debian.org unless you wish
>> to report a problem with the Bug-tracking system.
>> 
>> -- 
>> 648056: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648056
>> Debian Bug Tracking System
>> Contact owner@bugs.debian.org with problems
> 
> _______________________________________
> 
> Christophe Ségui
> Responsable de Service
> Service Informatique
> Institut de Mathématiques de Toulouse - UMR 5219
> Université de Toulouse, CNRS
> 
> 
> UNIVERSITE PAUL SABATIER
> BAT 1R3 bur 221
> 118 Route de Narbonne
> 31062 Toulouse Cedex 9 
> 
> tel : 05.61.55.63.78	fax :05.61.55.75.99
> _______________________________________
> 
> Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr
> 
> 
> 
> 
> 

_______________________________________

Christophe Ségui
Responsable de Service
Service Informatique
Institut de Mathématiques de Toulouse - UMR 5219
Université de Toulouse, CNRS


UNIVERSITE PAUL SABATIER
BAT 1R3 bur 221
118 Route de Narbonne
31062 Toulouse Cedex 9 

tel : 05.61.55.63.78	fax :05.61.55.75.99
_______________________________________

Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr





[Message part 2 (text/html, inline)]
[smime.p7s (application/pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#648056; Package slapd. (Fri, 20 Jan 2012 10:42:30 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christophe Ségui <christophe.segui@math.univ-toulouse.fr>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Fri, 20 Jan 2012 10:42:33 GMT) Full text and rfc822 format available.

Message #25 received at 648056@bugs.debian.org (full text, mbox):

From: Christophe Ségui <christophe.segui@math.univ-toulouse.fr>
To: 648056@bugs.debian.org
Subject: Re: Bug#648056: Info received (Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1))
Date: Fri, 20 Jan 2012 11:38:31 +0100
[Message part 1 (text/plain, inline)]
Thanks,

I've no access to this bug tracker… 

Le 19 janv. 2012 à 11:57, Debian Bug Tracking System a écrit :

> Thank you for the additional information you have supplied regarding
> this Bug report.
> 
> This is an automatically generated reply to let you know your message
> has been received.
> 
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
> 
> Your message has been sent to the package maintainer(s):
> Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
> 
> If you wish to submit further information on this problem, please
> send it to 648056@bugs.debian.org.
> 
> Please do not send mail to owner@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
> 
> -- 
> 648056: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648056
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems

_______________________________________

Christophe Ségui
Responsable de Service
Service Informatique
Institut de Mathématiques de Toulouse - UMR 5219
Université de Toulouse, CNRS


UNIVERSITE PAUL SABATIER
BAT 1R3 bur 221
118 Route de Narbonne
31062 Toulouse Cedex 9 

tel : 05.61.55.63.78	fax :05.61.55.75.99
_______________________________________

Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr





[Message part 2 (text/html, inline)]
[smime.p7s (application/pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#648056; Package slapd. (Thu, 28 Jun 2012 08:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christophe Ségui <christophe.segui@math.univ-toulouse.fr>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 28 Jun 2012 08:24:07 GMT) Full text and rfc822 format available.

Message #30 received at 648056@bugs.debian.org (full text, mbox):

From: Christophe Ségui <christophe.segui@math.univ-toulouse.fr>
To: 648056@bugs.debian.org
Subject: (Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1)))
Date: Thu, 28 Jun 2012 10:06:48 +0200
[Message part 1 (text/plain, inline)]
Hi there,

Could we expect something to be done against this bug ?

Thanks.

-- 
	   Christophe Ségui
   Responsable
   informatique
Institut de Mathématiques de Toulouse
Université de Toulouse - CNRS
118 Route de Narbonne
31062 Toulouse Cedex 09

Tel : (+33) 5 61 55 63 78
christophe.segui@math.univ-toulouse.fr
http://www.math.univ-toulouse.fr


[Message part 2 (text/html, inline)]
[smime.p7s (application/pkcs7-signature, attachment)]

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 01:05:05 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.