6.4.3 is released but appears to have eDirectory SSL issues

After upgrading the AAuth server to the 6.4.3 release, no LDAP syncing or login can happen if the repository is eDirectory.

LDAP connect error: ("('socket ssl wrapping error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1002)',)",); ['x.x.x.x.:636', 'x.x.x.x:636']

Rodney

If you found this post useful, give it a "Like" or click on "Verify Answer" under the "More" button. This helps others.


    Thanks for the notification. I also saw this in the release notes:

    If you use eDirectory for your LDAP repository, before upgrading to Advanced Authentication 6.4 Service Pack 3, ensure to modify the LDAP server configuration in the NetIQ iManager for eDirectory to either one of the following ways:

    • To support the current strong set of TLS ciphers for RSA certificates

    • To use an Elliptic Curve Certificate (for example, SSL EC CertificateDNS)

    As somebody mentioned before, we also cannot switch to EC in the near future, so I would like to know what exactly "support the current strong set of TLS ciphers for RSA certificates" means.

    There is a link to KM (https://portal.microfocus.com/s/article/KM000029147?language=en_US), but this talks only about switching to EC.

    Kind regards, Sebastijan
