directory-api mailing list archives

From Frank Crow <fjcrow2...@gmail.com>
Subject Unavailable Cipher Suites
Date Thu, 16 Nov 2017 15:54:46 GMT
I'm using Apache Directory Studio (which I assume is using the Apache LDAP
API) and having an issue connecting due to (apparently) "unavailable cipher
suites" with OpenLDAP.

I created a self-signed CA using OpenSSL command line tools and have
verified that the certificate (and even client-side certs signed by it)
work without problems using all of the OpenLDAP applications.   I've even
successfully integrated it with Kerberos and SSSD with TLS/SSL.

On some machines, the Apache Directory Studio works with my configuration
no problem as well.   However, on Windows and certain other Linux machines,
it fails with "SSL Handshake Error".

I added "-Djavax.net.debug=ssl:handshake" and was able to determine that
the cipher suite that I'm using (ECDHE-RSA-AES256-GCM-SHA385) is output as
an "unavailable cipher suite".   It also looks like the only available
cipher suites (listed later in the output) use AES128 or weaker algorithms.

How can I get Apache Directory Studio to use updated cryptography libraries?


Thanks,
-- 
Frank
