[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15272110#comment-15272110
]
Emmanuel Lecharny commented on DIRSERVER-2043:
----------------------------------------------
It's possible that Studio has a bug, and inject the wrong protocolVersion in
the server's configuration. I will investigate that asap.
Now, as a workaround, you should be able to change this configuration by
modifying the file that contains the {{ads-enabledProtocol}} strings on the
server. It's {{ldapServer.ldif}}, you should typically see :
{norformat}
...
dn:
ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: true
ads-transportaddress: localhost
ads-transportid: ldaps
ads-needClientAuth: false
ads-wantClientAuth: true
ads-enabledCiphers: ...
ads-enabledProtocols: TLSV1
ads-enabledProtocols: TLSV1.1
ads-enabledProtocols: TLSV1.2
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: top
ads-enabled: true
...
{noformat}
Otherwise, I strongly suggest you only keep TLSv1.2...
> SSL connection failures errors are useless
> ------------------------------------------
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 2.0.0-M19
> Reporter: Roy Wellington
> Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
