openldap-clients: TLS connection does not work when only TLSv1.3 is set
Issue
Sample:
$ rpm -q openldap-clients
openldap-clients-2.6.6-3.el9.x86_64
$ cat /etc/openldap/ldap.conf
SASL_NOCANON on
TLS_PROTOCOL_MIN 3.4
BASE dc=example,dc=com
TLS_REQCERT never
TLS_CIPHER_SUITE TLS_AES_256_GCM_SHA384
$ ldapsearch -LLL -x -D "cn=Directory Manager" -w Password -H ldaps://ldapsrv.example.com/ -d1 2>&1 | tail -5
TLS: could not set cipher list TLS_AES_256_GCM_SHA384.
TLS: error:0A0000B9:SSL routines::no cipher match ssl/ssl_lib.c:3329
TLS: init_def_ctx: error:0A0000B9:SSL routines::no cipher match.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Environment
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 10
- openldap-clients