You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Andreas Riddering (JIRA)" <ji...@apache.org> on 2016/10/05 12:04:20 UTC
[jira] [Comment Edited] (DIRSERVER-2043) SSL connection failures
errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15548503#comment-15548503 ]
Andreas Riddering edited comment on DIRSERVER-2043 at 10/5/16 12:03 PM:
------------------------------------------------------------------------
I could give it a try later on, if its possible to test this on the test-environment. But as there are serveral hundrets of people using the prouctive env and as its configured with HA stuff and so on, it won't be possible to change this within a short matter of time.
I am just wondering, why ADS is working fine with an older Java-Version, but refuses to connect to the same server when working with a newer version. There must be something, thats taking into account?!?
As i did some testing, your supposal with TLSv1.1 could solve our problem. I tried to connect to the (older) server with tls1_1 via openssl, and it didnt work. Using a newer server, which supports TLS1.1 and 1.2 can be connected to via ADS and newer JavaVersion.
So, is it possible to start ADS (with newer Java Version) with TLS1(.0) Support enabled?
For the short term it only needs to use the older java version or has tls1(.0) support enabled. Couldn't find out how this is possible...
edit: I am so sorry, just noticed, that this is about the directory server!? I'm talking about the Studio and only need to fix the studio. ... just saying, didn't want to confuse anybody.
was (Author: dunstkreis):
I could give it a try later on, if its possible to test this on the test-environment. But as there are serveral hundrets of people using the prouctive env and as its configured with HA stuff and so on, it won't be possible to change this within a short matter of time.
I am just wondering, why ADS is working fine with an older Java-Version, but refuses to connect to the same server when working with a newer version. There must be something, thats taking into account?!?
As i did some testing, your supposal with TLSv1.1 could solve our problem. I tried to connect to the (older) server with tls1_1 via openssl, and it didnt work. Using a newer server, which supports TLS1.1 and 1.2 can be connected to via ADS and newer JavaVersion.
So, is it possible to start ADS (with newer Java Version) with TLS1(.0) Support enabled?
For the short term it only needs to use the older java version or has tls1(.0) support enabled. Couldn't find out how this is possible...
> SSL connection failures errors are useless
> ------------------------------------------
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 2.0.0-M19
> Reporter: Roy Wellington
> Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to know what exactly failed, something like what Firefox/Chrome do on SSL failures. I'm trying to debug this right now, and I have absolutely no idea what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)