Posted to dev@directory.apache.org by "Stefan Seelmann (JIRA)" <ji...@apache.org> on 2016/08/30 19:50:20 UTC

[jira] [Commented] (DIRSTUDIO-1113) SSL Handshake failed Certificates does not conform to algorithm constraints using recent Java version >1.8.0_77

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15449954#comment-15449954 ] 

Stefan Seelmann commented on DIRSTUDIO-1113:
--------------------------------------------

Which server do you try to connect to?

If you try to connect to the included ApacheDS LDAP server with its auto-generated key: That is a 512 bit RSA key, and due to US export restrictions (at least as far as I understand) we are not allowed to release software that generates a stronger key. So you need to generate and import a stronger key yourself. How it works is described at https://directory.apache.org/apacheds/basic-ug/3.3-enabling-ssl.html, hopefully it is up-to-date.


> SSL Handshake failed Certificates does not conform to algorithm constraints using recent Java version >1.8.0_77
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: DIRSTUDIO-1113
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1113
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10)
>         Environment: Windows 7 - JRE >1.8.0_77
>            Reporter: nkilani
>              Labels: security, ssl
>
> Unable to connect to LDAP server through SSL when JRE version is recent > 1.8.0_77
> error log:
> !ENTRY org.apache.directory.studio.slf4j-eclipselog 2 0 2016-08-30 18:20:44.475
> !MESSAGE SSL handshake failed.
> !STACK 0
> javax.net.ssl.SSLHandshakeException: SSL handshake failed.
> 	at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
> 	at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:535)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:697)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:651)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:640)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1097)
> 	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> 	at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source)
> 	at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> 	at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:600)
> 	at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:359)
> 	at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:500)
> 	... 15 more
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> 	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> 	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> 	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> 	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> 	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> 	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> 	at sun.security.ssl.Handshaker$1.run(Unknown Source)
> 	at sun.security.ssl.Handshaker$1.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
> 	at org.apache.mina.filter.ssl.SslHandler.doTasks(SslHandler.java:791)
> 	at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:566)
> 	... 17 more
> Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
> 	... 26 more



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
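
Added example, not part of the original message or of Directory Studio: a small Java program that reads the running JRE's `jdk.certpath.disabledAlgorithms` and `jdk.tls.disabledAlgorithms` security properties and reports which RSA `keySize` rules match a 512-bit key, like the auto-generated one mentioned in the comment, compared with a 2048-bit key. The class and method names are hypothetical, and which of the two properties is behind the reported failure is an assumption the page does not confirm.

```java
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
import java.util.regex.*;

public class RsaKeySizeConstraintCheck {
    // One "keySize <op> <bits>" constraint, as written in the java.security file.
    private static final Pattern KEY_SIZE =
            Pattern.compile("keySize\\s*(<=|>=|==|!=|<|>)\\s*(\\d+)");

    static boolean holds(int bits, String op, int limit) {
        switch (op) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case ">":  return bits > limit;
            case ">=": return bits >= limit;
            case "==": return bits == limit;
            default:   return bits != limit; // "!="
        }
    }

    // Entries of a disabledAlgorithms value whose RSA keySize rule matches this key.
    // Simplification: further '&'-joined constraints on the same entry are not evaluated.
    static List<String> blockingEntries(String value, int rsaBits) {
        List<String> hits = new ArrayList<>();
        if (value == null) return hits;
        for (String entry : value.split(",")) {
            String e = entry.trim();
            Matcher m = KEY_SIZE.matcher(e);
            if (e.startsWith("RSA ") && m.find()
                    && holds(rsaBits, m.group(1), Integer.parseInt(m.group(2)))) {
                hits.add(e);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        String[] props = {"jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms"};
        for (int bits : new int[] {512, 2048}) { // constructed test keys, generated locally
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(bits);
            int actual = ((RSAPublicKey) gen.generateKeyPair().getPublic()).getModulus().bitLength();
            for (String p : props) {
                System.out.println(actual + "-bit RSA, " + p + ": " + blockingEntries(Security.getProperty(p), actual));
            }
        }
    }
}
```

An empty list for a key size means no RSA `keySize` rule in that property matches it on the JRE the program runs under; the output depends on that JRE's `java.security` file.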