docker-openldap: TLS Issue: Could not negotiate a supported cipher suite..

When I run the latest image with:

docker pull osixia/openldap
docker run -d -p 390:389 -p 636:636 -h ldap.***.com --name="ldaps" osixia/openldap

And I try to search on the directory over LDAPS with:

ldapsearch -x -h ldap.***.com -p 390 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -Z

I get the following log output and TLS negotiation failure:

55ddb430 @(#) $OpenLDAP: slapd  (Apr 12 2015 14:28:03) $
    root@chimera:/tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slapd
TLS: warning: ignoring dhfile
55ddb431 slapd starting
55ddb43a conn=1000 fd=20 ACCEPT from IP=84.253.47.226:59879 (IP=172.17.0.185:389)
55ddb43a conn=1000 op=0 EXT oid=1.3.6.1.4.1.1466.20037
55ddb43a conn=1000 op=0 STARTTLS
55ddb43a conn=1000 op=0 RESULT oid= err=0 text=
TLS: can't accept: Could not negotiate a supported cipher suite..
55ddb43a conn=1000 fd=20 closed (TLS negotiation failure)

I also tried to connect over ldaps:// with:

ldapsearch -x -H ldaps://ldap.***.com -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin

But I got the same “Could not negotiate a supported cipher suite…” exception. Is there anything I’ve done wrong or is there an issue with the image?
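Added example, not part of the original report or of the docker-openldap project: a small triage script that reads the slapd log lines quoted above and correlates the StartTLS request, the listener it arrived on, and the handshake failure per connection. The `triage` function and its field names are hypothetical; it assumes that `TLS:` lines, which carry no connection id, belong to the next connection closed with a TLS negotiation failure.

```python
import re
from collections import defaultdict

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation

# slapd log excerpt copied from the report above
SAMPLE_LOG = """\
TLS: warning: ignoring dhfile
55ddb431 slapd starting
55ddb43a conn=1000 fd=20 ACCEPT from IP=84.253.47.226:59879 (IP=172.17.0.185:389)
55ddb43a conn=1000 op=0 EXT oid=1.3.6.1.4.1.1466.20037
55ddb43a conn=1000 op=0 STARTTLS
55ddb43a conn=1000 op=0 RESULT oid= err=0 text=
TLS: can't accept: Could not negotiate a supported cipher suite..
55ddb43a conn=1000 fd=20 closed (TLS negotiation failure)
"""

CONN_RE = re.compile(r"^[0-9a-f]{8} conn=(\d+) (?:fd=\d+|op=\d+) (.*)$")

def new_conn():
    return {"listener": None, "starttls": False, "tls_errors": [], "tls_failed": False}

def triage(log_text):
    """Return (tls_warnings, {conn_id: summary}) for a slapd log."""
    warnings, conns, pending = [], defaultdict(new_conn), []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("TLS: warning:"):
            warnings.append(line[len("TLS: warning:"):].strip())
        elif line.startswith("TLS:"):
            # No conn id on these lines: hold until a connection closes (assumption)
            pending.append(line[len("TLS:"):].strip())
        elif (m := CONN_RE.match(line)):
            conn, rest = conns[int(m.group(1))], m.group(2)
            if rest.startswith("ACCEPT"):
                lm = re.search(r"\(IP=([^)]+)\)", rest)  # server-side address:port
                conn["listener"] = lm.group(1) if lm else None
            elif rest in (f"EXT oid={STARTTLS_OID}", "STARTTLS"):
                conn["starttls"] = True
            elif rest.startswith("closed"):
                conn["tls_failed"] = "TLS negotiation failure" in rest
                if conn["tls_failed"]:
                    conn["tls_errors"] = pending
                pending = []
    return warnings, dict(conns)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the quoted log this reports that connection 1000 arrived on the port 389 listener, upgraded with StartTLS, and was closed after the cipher-suite error, with the `ignoring dhfile` warning listed separately.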

Most upvoted comments

I’d like to reopen this. Even downgrading the settings for TLS as above (and checking that I have those available) did not solve this for me. I still get the same error: “ignoring dhfile”.