No support for DHE ciphers (TLS)

Bug #1656979 reported by Haw Loeung on 2017-01-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)

Bug Description


Seems the OpenLDAP shipped with Xenial (and prior) built against GnuTLS does not support DHE cipher suites.

| hloeung@ldap-server:~$ apt-cache policy slapd
| slapd:
| Installed: 2.4.42+dfsg-2ubuntu3.1
| Candidate: 2.4.42+dfsg-2ubuntu3.1
| Version table:
| *** 2.4.42+dfsg-2ubuntu3.1 500
| 500 xenial-updates/main amd64 Packages
| 100 /var/lib/dpkg/status
| 2.4.42+dfsg-2ubuntu3 500
| 500 xenial/main amd64 Packages

Our LDAP server is configured with the following:

| TLSCertificateFile /etc/ssl/certs/ldap-server.crt
| TLSCertificateKeyFile /etc/ssl/private/ldap-server.key
| TLSCACertificateFile /etc/ssl/certs/ldap-server_chain.crt
| TLSProtocolMin 1.0
| TLSDHParamFile /etc/ssl/private/dhparams.pem

I know TLSDHParamFile isn't used by OpenLDAP when built with GnuTLS, but thought I'd try anyways. cipherscan[1] shows the following list of cipher suites:

| prio ciphersuite protocols pfs curves
| 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 3 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 4 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 6 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1

Even with TLSCipherSuite config commented out, we see the following cipher suites:

| prio ciphersuite protocols pfs curves
| 1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 2 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 3 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 4 AES256-GCM-SHA384 TLSv1.2 None None
| 5 AES256-SHA256 TLSv1.2 None None
| 6 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 7 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 8 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 9 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 10 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 11 AES128-GCM-SHA256 TLSv1.2 None None
| 12 AES128-SHA256 TLSv1.2 None None
| 13 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 14 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 15 ECDHE-RSA-DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 16 DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 None None

I think the fix is in the patch below that's released in 2.4.39:;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99




Nish Aravamudan (nacc) wrote :

Hello, I'm a bit confused. As you noted, Xenial (and on) have 2.4.42 as the base, but the fix you mention is in 2.4.39. So is it not fixed upstream? Or is this a result of the GnuTLS build?

Changed in openldap (Ubuntu):
status: New → Incomplete
Haw Loeung (hloeung) wrote :

Hmm, not too sure why that is. The version in Debian (and also Ubuntu) definitely doesn't include that patch:

| $ chdist apt-get xenial source slapd
| Reading package lists... Done
| Picking 'openldap' as source package instead of 'slapd'
| NOTICE: 'openldap' packaging is maintained in the 'Git' version control system at:
| git://
| Please use:
| git clone git://
| Need to get 4993 kB of source archives.
| Get:1 xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (dsc) [3040 B]
| Get:2 xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (tar) [4813 kB]
| Get:3 xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (diff) [177 kB]
| Fetched 4993 kB in 14s (343 kB/s)

| $ grep DH_BITS ./libraries/libldap/tls_g.c
| #define DH_BITS (1024)
| gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);

Via online source viewer also confirms this:

Changed in openldap (Ubuntu):
status: Incomplete → New

On Tue, Jan 17, 2017 at 12:49:36AM -0000, Haw Loeung wrote:
>I think the fix is in the patch below that's released in 2.4.39:
>;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99 says:

fixed in RE25
fixed in RE24 (2.4.45)

OpenLDAP 2.4.45 has not been released just yet.

Ryan Tandy (rtandy) wrote :

Hello Haw,

openldap 2.4.45 is in artful now, so this should be fixed. could you please try your cipherscan again and confirm?


Changed in openldap (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for openldap (Ubuntu) because there has been no activity for 60 days.]

Changed in openldap (Ubuntu):
status: Incomplete → Expired
Haw Loeung (hloeung) on 2017-11-03
Changed in openldap (Ubuntu):
status: Expired → Incomplete
Changed in openldap (Ubuntu):
status: Incomplete → Expired
Junien Fridrick (axino) on 2018-01-08
Changed in openldap (Ubuntu):
status: Expired → Incomplete
Changed in openldap (Ubuntu):
status: Incomplete → Expired
Junien Fridrick (axino) on 2018-03-12
Changed in openldap (Ubuntu):
status: Expired → Incomplete
Changed in openldap (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers