Hi, I am using a virtual directory (penrose) based on apacheds. I found that Apacheds' SSL support doesn't work with outlook.
my environment:
jdk 1.5.0_09-b03
windows xp
outlook xp
apacheds 1.0.0 (1.0.0-rc3

how to reproduce it:
1 install apacheds
2 setup ssl following http://cwiki.apache.org/DIRxSRVx10/how-to-enable-ssl.html, except that I change the keystore's cn=zanzibar to cn=localhost
3 startup
4 connect to 10389 using jxplorer, it works
  connect to 10636/ssl using jxplorer, also works
5 setup outlook to use localhost as ldap server
  connect to 10389, it works (but can't get any results, this doesn't matter, I have actually setup a whole outlook readable directory, it didn't change anything)
6 connect to 10636/ssl, it did NOT work. outlook says it can't connect to ldap server, error code is 81
7 Access https://localhost:10636 doesn't help, IE will prompt to install the key, but outlook still can't connect to ldap.

logging: I have enabled ssl debug, here is the result:

    ***
    found key for : localhost
    chain [0] = [
    [
      Version: V1
      Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
      Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
      Key: Sun RSA public key, 1024 bits
      modulus: 93690567304560358207948800462304344787653972926708445137556188844906551738004646142898598110107042120590921928329357309950934630682191814787460916745097868595426737938591158043568035044490947504319107319602318803896553477562911262642591031153078445938220970218730642886893394935454832735154808627448199754771
      public exponent: 65537
      Validity: [From: Sun Jan 28 10:40:33 CST 2007,
                   To: Tue Jan 27 10:40:33 CST 2009]
      Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
      SerialNumber: [ 45bc0d21]
    ]
      Algorithm: [MD5withRSA]
    ]
    ***
    trigger seeding of SecureRandom
    done seeding SecureRandom
    Using SSLEngineImpl.
    pool-3-thread-1, READ: SSL v2, contentType = Handshake, translated length = 65
    *** ClientHello, TLSv1
    RandomCookie: GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 250, 123, 42, 223, 131, 145, 37, 62, 124, 178, 93, 230, 183, 185, 68, 43 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA]
    Compression Methods: { 0 }
    ***
    matching alias: localhost
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1153177174 bytes = { 146, 79, 74, 155, 154, 243, 55, 106, 246, 28, 71, 30, 166, 172, 134, 212, 10, 100, 60, 51, 141, 168, 35, 40, 121, 97, 168, 83 }
    Session ID: {69, 188, 22, 86, 49, 105, 6, 0, 201, 61, 99, 240, 216, 88, 87, 227, 145, 104, 237, 7, 189, 196, 82, 240, 183, 155, 35, 186, 212, 187, 188, 204}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    ***
    Cipher suite: SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    [
      Version: V1
      Subject: CN=localhost, OU=ApacheDS, O=ASF, C=US
      Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
      Key: Sun RSA public key, 1024 bits
      modulus: 93690567304560358207948800462304344787653972926708445137556188844906551738004646142898598110107042120590921928329357309950934630682191814787460916745097868595426737938591158043568035044490947504319107319602318803896553477562911262642591031153078445938220970218730642886893394935454832735154808627448199754771
      public exponent: 65537
      Validity: [From: Sun Jan 28 10:40:33 CST 2007,
                   To: Tue Jan 27 10:40:33 CST 2009]
      Issuer: CN=localhost, OU=ApacheDS, O=ASF, C=US
      SerialNumber: [ 45bc0d21]
    ]
      Algorithm: [MD5withRSA]
    ]
    ***
    *** ServerHelloDone
    pool-3-thread-1, WRITE: TLSv1 Handshake, length = 594
    pool-3-thread-2, called closeInbound()
    pool-3-thread-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
    javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    pool-3-thread-2, SEND TLSv1 ALERT: fatal, description = internal_error
    pool-3-thread-2, WRITE: TLSv1 Alert, length = 2
    pool-3-thread-2, called closeOutbound()
    pool-3-thread-2, closeOutboundInternal()

NOTE: the last javax.net.ssl.SSLException may not be the result reason, because I got outlook's error message before that. When I close the outlook error message, this exception will be printed.
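Added example, not part of the original post: a small Python reader for a server-side JSSE debug trace like the one above, reporting how far an RSA handshake got, which side was due to send the next message, and which of the offered cipher suites are legacy ones. The trace is abridged from the post; the function name, the `RSA_FLOW` table and the `WEAK` pattern are assumptions of this example.

```python
import re

# Abridged from the JSSE debug trace in the post (certificate dump left out).
TRACE = """\
pool-3-thread-1, READ: SSL v2, contentType = Handshake, translated length = 65
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA]
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
*** ServerHelloDone
pool-3-thread-1, WRITE: TLSv1 Handshake, length = 594
pool-3-thread-2, called closeInbound()
pool-3-thread-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
"""

# Handshake messages of an RSA key exchange in order, with the sender of each.
RSA_FLOW = [("ClientHello", "client"), ("ServerHello", "server"),
            ("Certificate chain", "server"), ("ServerHelloDone", "server"),
            ("ClientKeyExchange", "client"), ("Finished", "client")]
# Assumed rule of thumb for this example: export-grade, single DES, RC2/RC4, MD5.
WEAK = re.compile(r"EXPORT|_DES_|RC2|RC4|MD5")

def analyze(trace):
    """Report where the handshake stopped and what the client offered."""
    seen = re.findall(r"^\*\*\* ([A-Za-z ]+?)(?:,|$)", trace, re.M)
    done = 0
    for name, _sender in RSA_FLOW:        # count messages seen in protocol order
        if name not in seen:
            break
        done += 1
    offered = re.search(r"Cipher Suites: \[(.*?)\]", trace, re.S)
    suites = [s.strip() for s in offered.group(1).split(",")] if offered else []
    chosen = re.search(r"^Cipher Suite: (\S+)", trace, re.M)
    return {
        "last_message": RSA_FLOW[done - 1][0] if done else None,
        "waiting_on": RSA_FLOW[done][1] if done < len(RSA_FLOW) else None,
        "closed_mid_handshake": done < len(RSA_FLOW) and "closeInbound()" in trace,
        "sslv2_compatible_hello": bool(re.search(r"READ:\s+SSL v2", trace)),
        "chosen": chosen.group(1) if chosen else None,
        "weak_offered": [s for s in suites if WEAK.search(s)],
        "other_offered": [s for s in suites if not WEAK.search(s)],
    }

if __name__ == "__main__":
    for key, value in analyze(TRACE).items():
        print(f"{key}: {value}")
```

On the trace from the post this reports `ServerHelloDone` as the last handshake message with the client due to speak next, so the connection was closed before any ClientKeyExchange reached the server.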
