Hi,
Seems the OpenLDAP shipped with Xenial (and prior) built against GnuTLS does not support DHE cipher suites.
| hloeung@ldap-server:~$ apt-cache policy slapd
| slapd:
| Installed: 2.4.42+dfsg-2ubuntu3.1
| Candidate: 2.4.42+dfsg-2ubuntu3.1
| Version table:
| *** 2.4.42+dfsg-2ubuntu3.1 500
| 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
| 100 /var/lib/dpkg/status
| 2.4.42+dfsg-2ubuntu3 500
| 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
Our LDAP server is configured with the following:
| TLSCertificateFile /etc/ssl/certs/ldap-server.crt
| TLSCertificateKeyFile /etc/ssl/private/ldap-server.key
| TLSCACertificateFile /etc/ssl/certs/ldap-server_chain.crt
| TLSProtocolMin 1.0
| TLSCipherSuite PFS:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-CBC:-CAMELLIA-128-GCM:-CAMELLIA-256-GCM:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:%SERVER_PRECEDENCE
| TLSDHParamFile /etc/ssl/private/dhparams.pem
I know TLSDHParamFile isn't used by OpenLDAP when built with GnuTLS, but thought I'd try anyways. cipherscan[1] shows the following list of cipher suites:
| prio ciphersuite protocols pfs curves
| 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 3 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 4 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 6 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
Even with TLSCipherSuite config commented out, we see the following cipher suites:
| prio ciphersuite protocols pfs curves
| 1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 2 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 3 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 4 AES256-GCM-SHA384 TLSv1.2 None None
| 5 AES256-SHA256 TLSv1.2 None None
| 6 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 7 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 8 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 9 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 10 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 11 AES128-GCM-SHA256 TLSv1.2 None None
| 12 AES128-SHA256 TLSv1.2 None None
| 13 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 14 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 15 ECDHE-RSA-DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 16 DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 None None
I think the fix is in the patch below that's released in 2.4.39:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99
Thanks,
Haw
[1]https://github.com/jvehent/cipherscan
Hello, I'm a bit confused. As you noted, Xenial (and on) have 2.4.42 as the base, but the fix you mention is in 2.4.39. So is it not fixed upstream? Or is this a result of the GnuTLS build?