How to determine cipher in use when using ldapsearch?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I'm trying to debug an LDAPS connection from Ubuntu 14.04 to some sort of VIP. There are 6 nodes behind the VIP. The connection only succeeds "sometimes". A wireshark log shows the failing connections being issued TLSv1.2 Alerts "Fatal, Illegal Parameter" with a Content Type "Alert (21)" which apparently only means wireshark can't decrypt the alert record.
I don't have access to the server's private key so I cannot decrypt the wireshark session. I'm trying to get the server admin to do it. In the meantime, is there any way to find out what cipher is being settled on with the connection does work? I've tried ldapsearch -d 255 ... but it doesn't reveal anything about the cipher that I can see, so far.
When the connection does succeed, The TLS record layer in wireshark says looks like this, if it's of any use:
ssl openldap gnutls
asked 7 hours ago
Server Fault
178110
add a comment |Â
up vote
0
down vote
favorite
I'm trying to debug an LDAPS connection from Ubuntu 14.04 to some sort of VIP. There are 6 nodes behind the VIP. The connection only succeeds "sometimes". A wireshark log shows the failing connections being issued TLSv1.2 Alerts "Fatal, Illegal Parameter" with a Content Type "Alert (21)" which apparently only means wireshark can't decrypt the alert record.
I don't have access to the server's private key so I cannot decrypt the wireshark session. I'm trying to get the server admin to do it. In the meantime, is there any way to find out what cipher is being settled on with the connection does work? I've tried ldapsearch -d 255 ... but it doesn't reveal anything about the cipher that I can see, so far.
When the connection does succeed, The TLS record layer in wireshark says looks like this, if it's of any use:
ssl openldap gnutls
asked 7 hours ago
Server Fault
178110
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to debug an LDAPS connection from Ubuntu 14.04 to some sort of VIP. There are 6 nodes behind the VIP. The connection only succeeds "sometimes". A wireshark log shows the failing connections being issued TLSv1.2 Alerts "Fatal, Illegal Parameter" with a Content Type "Alert (21)" which apparently only means wireshark can't decrypt the alert record.
I don't have access to the server's private key so I cannot decrypt the wireshark session. I'm trying to get the server admin to do it. In the meantime, is there any way to find out what cipher is being settled on with the connection does work? I've tried ldapsearch -d 255 ... but it doesn't reveal anything about the cipher that I can see, so far.
When the connection does succeed, The TLS record layer in wireshark says looks like this, if it's of any use:
ssl openldap gnutls
asked 7 hours ago
Server Fault
178110
I'm trying to debug an LDAPS connection from Ubuntu 14.04 to some sort of VIP. There are 6 nodes behind the VIP. The connection only succeeds "sometimes". A wireshark log shows the failing connections being issued TLSv1.2 Alerts "Fatal, Illegal Parameter" with a Content Type "Alert (21)" which apparently only means wireshark can't decrypt the alert record.
I don't have access to the server's private key so I cannot decrypt the wireshark session. I'm trying to get the server admin to do it. In the meantime, is there any way to find out what cipher is being settled on with the connection does work? I've tried ldapsearch -d 255 ... but it doesn't reveal anything about the cipher that I can see, so far.
When the connection does succeed, The TLS record layer in wireshark says looks like this, if it's of any use:
ssl openldap gnutls
ssl openldap gnutls
asked 7 hours ago
Server Fault
178110
asked 7 hours ago
Server Fault
178110
asked 7 hours ago
Server Fault
178110
asked 7 hours ago
Server Fault
178110
asked 7 hours ago
Server Fault
178110
178110
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
I think you need to use OpenSSL to connect to the server and see what ciphers are returned.
Try
openssl s_client -connect ldapserver.domain:636
It should return a line for "Ciphers"
answered 7 hours ago
zymhan
220110
Looks like: Protocol : TLSv1.2 Cipher : AES256-SHA. So, the server only supports that cipher? Maybe I should mentionldapsearchis compiled against gnutls on my system and not openssl if that matters.
– Server Fault
6 hours ago
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I think you need to use OpenSSL to connect to the server and see what ciphers are returned.
Try
openssl s_client -connect ldapserver.domain:636
It should return a line for "Ciphers"
answered 7 hours ago
zymhan
220110
Looks like: Protocol : TLSv1.2 Cipher : AES256-SHA. So, the server only supports that cipher? Maybe I should mentionldapsearchis compiled against gnutls on my system and not openssl if that matters.
– Server Fault
6 hours ago
add a comment |Â
up vote
0
down vote
I think you need to use OpenSSL to connect to the server and see what ciphers are returned.
Try
openssl s_client -connect ldapserver.domain:636
It should return a line for "Ciphers"
answered 7 hours ago
zymhan
220110
Looks like: Protocol : TLSv1.2 Cipher : AES256-SHA. So, the server only supports that cipher? Maybe I should mentionldapsearchis compiled against gnutls on my system and not openssl if that matters.
– Server Fault
6 hours ago
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I think you need to use OpenSSL to connect to the server and see what ciphers are returned.
Try
openssl s_client -connect ldapserver.domain:636
It should return a line for "Ciphers"
answered 7 hours ago
zymhan
220110
I think you need to use OpenSSL to connect to the server and see what ciphers are returned.
Try
openssl s_client -connect ldapserver.domain:636
It should return a line for "Ciphers"
answered 7 hours ago
zymhan
220110
answered 7 hours ago
zymhan
220110
answered 7 hours ago
zymhan
220110
answered 7 hours ago
zymhan
220110
220110
Looks like: Protocol : TLSv1.2 Cipher : AES256-SHA. So, the server only supports that cipher? Maybe I should mentionldapsearchis compiled against gnutls on my system and not openssl if that matters.
– Server Fault
6 hours ago
add a comment |Â
Looks like: Protocol : TLSv1.2 Cipher : AES256-SHA. So, the server only supports that cipher? Maybe I should mentionldapsearchis compiled against gnutls on my system and not openssl if that matters.
– Server Fault
6 hours ago
Looks like: Protocol : TLSv1.2 Cipher : AES256-SHA. So, the server only supports that cipher? Maybe I should mention
ldapsearch is compiled against gnutls on my system and not openssl if that matters.– Server Fault
6 hours ago
Looks like: Protocol : TLSv1.2 Cipher : AES256-SHA. So, the server only supports that cipher? Maybe I should mention
ldapsearch is compiled against gnutls on my system and not openssl if that matters.– Server Fault
6 hours ago
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f474350%2fhow-to-determine-cipher-in-use-when-using-ldapsearch%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
