"ssl/tls alert handshake failure" with nsssl3ciphers: TLSv1.2 ciphers on RHDS12

Solution Unverified

Issue

  • "ssl/tls alert handshake failure" with nsssl3ciphers: TLSv1.2 ciphers on RHDS12

Sample:

# dsconf -D "cn=Directory Manager" ldap://server.example.com security ciphers set -- "-all,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
# dsctl [INSTANCE] restart
# ldapsearch -LLL -x -D "cn=Directory Manager" -w [PASSWORD] -H ldaps://server.example.com/ uid=testuser -d1
...
connect success
TLS trace: SSL_connect:before SSL initialization
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in error
TLS: can't connect: error:0A000410:SSL routines::ssl/tls alert handshake failure.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
# tail -2 /var/log/dirsrv/slapd-9ds0/access
[DATE/TIME] conn=9 fd=64 slot=64 SSL connection from [Server IP] to [Server IP]
[DATE/TIME] conn=9 op=-1 fd=64 Disconnect - Cannot communicate securely with peer: no common encryption algorithm(s).

Environment

  • Red Hat Enterprise Linux 9
  • Red Hat Directory Server 12
