Posted to users@directory.apache.org by jeffty <wa...@gmail.com> on 2015/08/09 10:48:16 UTC

Enable TLSv1 in ApacheDS lead to Timeout Error

Hi All,



I’ve enabled TLSv1 in ApacheDS; after restarting the service I got a timeout
error and failed to log in again.

In Apache Directory Studio Network Parameter, the encryption method is Use SSL
encryption (ldaps://) and the provider is Apache Directory LDAP Client API.

In Authentication, the authentication method is Simple Authentication.

Below is my environment:

ApacheDS: apacheds-2.0.0-M20-x86_64

Directory Studio: ApacheDirectoryStudio-2.0.0.v20150606-M9-win32.x86_64

OS: CentOS6.6

I haven’t found any clues on the ApacheDS website, and found no related
articles via Google either.

Is there any guidance for logging in to DS with TLSv1 enabled? Thanks a lot.

Jason

Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by jeffty <wa...@gmail.com>.
Also tried V1.1 and V1.2.
V1.1 works, but V1.2 got an "EXTENSION_OID 1.3.6.1.4.1.1466.20037 has failed to
process your request" error.

JDK8 supports V1.2, right?




On Sun, Aug 9, 2015 at 8:12 PM, jeffty <wa...@gmail.com> wrote:

> Thanks Kiran, that works!

Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by jeffty <wa...@gmail.com>.
Thanks Kiran, that works!

On Sun, Aug 9, 2015 at 7:04 PM, Kiran Ayyagari <ka...@apache.org> wrote:

> On Sun, Aug 9, 2015 at 7:00 PM, jeffty <wa...@gmail.com> wrote:
>
> > Most is illegal argument Exception: TLSV1 as below:
> >
> you should not use the LDAPS port (i.e, 10636 in this case) while using
> StartTLS
>
> use the LDAP port and it will work.
>

Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by Kiran Ayyagari <ka...@apache.org>.
On Sun, Aug 9, 2015 at 7:00 PM, jeffty <wa...@gmail.com> wrote:

> Most is illegal argument Exception: TLSV1 as below:
>
You should not use the LDAPS port (i.e., 10636 in this case) while using
StartTLS.

Use the LDAP port and it will work.





-- 
Kiran Ayyagari
http://keydap.com

Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by jeffty <wa...@gmail.com>.
Most are illegal argument exceptions: TLSV1, as below:

[09:16:20] WARN [org.apache.mina.util.DefaultExceptionMonitor] - Unexpected exception.
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000006: nio socket, server, /192.168.1.102:50073 => /192.168.1.82:10636)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:189)
    at org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:436)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:532)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:505)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1113)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: TLSV1
    at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
    at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
    at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
    at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
    at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
    at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
    ... 10 more


On Sun, Aug 9, 2015 at 6:57 PM, Kiran Ayyagari <ka...@apache.org> wrote:

> On Sun, Aug 9, 2015 at 6:47 PM, jeffty <wa...@gmail.com> wrote:
>
> > openjdk version "1.8.0_51"
> > OpenJDK Runtime Environment (build 1.8.0_51-b16)
> > OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)
> >
> ok, this should work, are there any errors in the server log?
>
>
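
The "Caused by: java.lang.IllegalArgumentException: TLSV1" entry in the trace above is raised under SSLEngineImpl.setEnabledProtocols, and JSSE matches protocol names case-sensitively (TLSv1, TLSv1.1, TLSv1.2). The following is an added example, not code from this thread, ApacheDS or MINA, that vets configured names before they are applied; the class and method names are hypothetical and the sample names are constructed.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/**
 * Added example (hypothetical class, not ApacheDS or MINA code): vets
 * configured TLS protocol names before they reach setEnabledProtocols().
 */
public class TlsProtocolNameCheck {

    /** Classifies each configured name against the local JSSE provider. */
    static Map<String, String> vet(String... configured) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());

        // Protocols can also be switched off JVM-wide by security policy.
        String policy = Security.getProperty("jdk.tls.disabledAlgorithms");
        List<String> disabled = policy == null
                ? Collections.<String>emptyList()
                : Arrays.asList(policy.trim().split("\\s*,\\s*"));

        Map<String, String> verdicts = new LinkedHashMap<>();
        for (String name : configured) {
            if (!supported.contains(name)) {
                // JSSE matches names exactly; look for a case-only mismatch.
                String hint = null;
                for (String s : supported) {
                    if (s.equalsIgnoreCase(name)) {
                        hint = s;
                    }
                }
                verdicts.put(name, hint != null
                        ? "REJECTED (case-sensitive; use \"" + hint + "\")"
                        : "REJECTED (unknown to this JRE)");
            } else if (disabled.contains(name)) {
                verdicts.put(name,
                        "ACCEPTED but disabled by jdk.tls.disabledAlgorithms");
            } else {
                verdicts.put(name, "OK");
            }
        }
        return verdicts;
    }

    /** Makes the same call that fails at the bottom of the stack trace. */
    static String tryEnable(String... names) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        try {
            engine.setEnabledProtocols(names);
            return "enabled " + Arrays.toString(engine.getEnabledProtocols());
        } catch (IllegalArgumentException e) {
            return "IllegalArgumentException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: the spelling from the trace, then the
        // standard JSSE spellings for TLS 1.0, 1.1 and 1.2.
        String[] configured = {"TLSV1", "TLSv1", "TLSv1.1", "TLSv1.2"};
        for (Map.Entry<String, String> e : vet(configured).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
        }
        System.out.println(tryEnable("TLSV1"));
        System.out.println(tryEnable("TLSv1.2"));
    }
}
```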

Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by Kiran Ayyagari <ka...@apache.org>.
On Sun, Aug 9, 2015 at 6:47 PM, jeffty <wa...@gmail.com> wrote:

> openjdk version "1.8.0_51"
> OpenJDK Runtime Environment (build 1.8.0_51-b16)
> OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)
>
ok, this should work, are there any errors in the server log?



-- 
Kiran Ayyagari
http://keydap.com

Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by jeffty <wa...@gmail.com>.
Also attaching the wrapper and ApacheDS log.
My IP is 192.168.1.102; the ApacheDS IP is 192.168.1.82.

Thanks.
Jason

On Sun, Aug 9, 2015 at 6:47 PM, jeffty <wa...@gmail.com> wrote:

> openjdk version "1.8.0_51"
> OpenJDK Runtime Environment (build 1.8.0_51-b16)
> OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)

RE: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by jeffty <wa...@gmail.com>.
openjdk version "1.8.0_51"
OpenJDK Runtime Environment (build 1.8.0_51-b16)
OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)

-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org] 
Sent: Sunday, August 09, 2015 6:46 PM
To: users@directory.apache.org
Subject: Re: Enable TLSv1 in ApacheDS lead to Timeout Error

On Sun, Aug 9, 2015 at 6:44 PM, jeffty <wa...@gmail.com> wrote:

> Thanks Kiran.
>
> Enable LDAPS Server option is checked and login is OK (when TLSv1 is 
> not enabled and Encryption method is Use SSL encryption ldaps://).
>
> After enable TLSv1 protocol, I change the Encryption method to Use 
> StartTLS extension and still got PROTOCOL_ERROR.
>
on which java version the server is running?



Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by Kiran Ayyagari <ka...@apache.org>.
On Sun, Aug 9, 2015 at 6:44 PM, jeffty <wa...@gmail.com> wrote:

> Thanks Kiran.
>
> Enable LDAPS Server option is checked and login is OK (when TLSv1 is not
> enabled and Encryption method is Use SSL encryption ldaps://).
>
> After enable TLSv1 protocol, I change the Encryption method to Use
> StartTLS extension and still got PROTOCOL_ERROR.
>
On which Java version is the server running?



-- 
Kiran Ayyagari
http://keydap.com

Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by jeffty <wa...@gmail.com>.
Thanks Kiran.

The Enable LDAPS Server option is checked and login is OK (when TLSv1 is not
enabled and the Encryption method is Use SSL encryption ldaps://).

After enabling the TLSv1 protocol, I changed the Encryption method to Use
StartTLS extension and still got PROTOCOL_ERROR.

See the attached screenshots error_authenticate.jpg and connect_test.png

Thanks.


Re: Enable TLSv1 in ApacheDS lead to Timeout Error

Posted by Kiran Ayyagari <ka...@apache.org>.
On Sun, Aug 9, 2015 at 4:48 PM, jeffty <wa...@gmail.com> wrote:

> Hi All,
>
>
>
> I’ve enabled TLSv1 in ApacheDS, after restart the service I got a timeout
> error and fail to login again.
>
> In Apache Directory Studio network Parameter, encryption method is Use SSL
> encryption(ldaps://) and
>
two things:
1. ldaps:// only works when the "Enable LDAPS Server" option is checked in
   the config editor
2. you can still connect securely without enabling the above option by
   using the "Use StartTLS Extension" option for the "Encryption method" on
   the "Network Parameter" tab in Studio.


> provider is Apache Directory LDAP Client API.
>
> And in Authentication the authentication method is Simple Authentication.
>
>
>
> Below is my environment:
>
> ApacheDS: apacheds-2.0.0-M20-x86_64
>
> Directory Studio: ApacheDirectoryStudio-2.0.0.v20150606-M9-win32.x86_64
>
> OS: CentOS6.6
>
>
>
> I haven’t found any clues in apache ds website and no related articles
> found by google either.
>
> Is there any guidance for login ds with TLSv1 enabled ? Thanks a lot.
>
> Jason
>



-- 
Kiran Ayyagari
http://keydap.com