You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Stefan Seelmann (JIRA)" <ji...@apache.org> on 2016/08/31 19:27:20 UTC

[jira] [Resolved] (DIRSTUDIO-1113) SSL Handshake failed Certificates does not conform to algorithm constraints using recent Java version >1.8.0_77

     [ https://issues.apache.org/jira/browse/DIRSTUDIO-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Seelmann resolved DIRSTUDIO-1113.
----------------------------------------
    Resolution: Workaround

Closing this issue, nothing that can be done in Studio itself, larger key sizes make sense, workarounds exist.

> SSL Handshake failed Certificates does not conform to algorithm constraints using recent Java version >1.8.0_77
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: DIRSTUDIO-1113
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1113
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10)
>         Environment: Windows 7 - JRE >1.8.0_77
>            Reporter: nkilani
>              Labels: security, ssl
>
> Unable to connect to LDAP server through SSL when JRE version is recent > 1.8.0_77
> error log:
> !ENTRY org.apache.directory.studio.slf4j-eclipselog 2 0 2016-08-30 18:20:44.475
> !MESSAGE SSL handshake failed.
> !STACK 0
> javax.net.ssl.SSLHandshakeException: SSL handshake failed.
> 	at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
> 	at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
> 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:535)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:697)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:651)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:640)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> 	at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1097)
> 	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> 	at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source)
> 	at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> 	at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:600)
> 	at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:359)
> 	at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:500)
> 	... 15 more
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> 	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> 	at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> 	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> 	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> 	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> 	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> 	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> 	at sun.security.ssl.Handshaker$1.run(Unknown Source)
> 	at sun.security.ssl.Handshaker$1.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
> 	at org.apache.mina.filter.ssl.SslHandler.doTasks(SslHandler.java:791)
> 	at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:566)
> 	... 17 more
> Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
> 	... 26 more



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)