Andreas Riddering commented on DIRSERVER-2043:

As i edited in my last answer, i messed up with the title of this ticket and my 
request is about die ADStudio not the server. Sorry for the confusion. So as 
its not ApacheDirServer, but IBM SDS its written in C and the JVM Parameter 
cant be applied.
Nevertheless i did some testing. Installing Java8 leads to some strange 
behaviour, so connection to one of the two servers in charge is possible, but 
not to the other. Versions differ only a little bit. (Remember, with Java7 > 
.85 a connection to non of the two was possible...)

At this point i took openssl and did some tests and while connecting to the 
server with the problems openssl throws up some strange SSL3 "bad record mac" 
errors... Interestingly i don't get those errors, if i put -ssl3 or -tls1 as a 
parameter to openssl.

ldapsearch on cygwin on my local machine also can't connect to the server in 
question, same "bad record mac"-error, but ldapsearch on another linux-server 
is able to connect to both servers...

So my conclusion is, that this unpatched server has some problems with the 
"autonegotation" of the ssl/tls protocol or something like that. So no todo 
left here, but thank you for your input!

> SSL connection failures errors are useless
> ------------------------------------------
>                 Key: DIRSERVER-2043
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M19
>            Reporter: Roy Wellington
>            Priority: Minor
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
>  - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: 
> SSL handshake failed.
>       at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
>       at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
>       at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
>       at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
>       at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
>       at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
>       at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
>       at 
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
>       at 
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
>       at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to 
> know what exactly failed, something like what Firefox/Chrome do on SSL 
> failures. I'm trying to debug this right now, and I have absolutely no idea 
> what's going on here.

This message was sent by Atlassian JIRA

Reply via email to