[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391498#comment-16391498 ]

Martin Choma commented on DIRSERVER-2223:
-----------------------------------------

Thank you very much. I will have a look.

I have tried it with Java9 and it works well for me, except for this issue.
When Java9 is finished there will be Java10, which will be the "same". So this
issue should rather be titled with 9+ to stay valid ;)

> JDK 9 ldaps does not work
> -------------------------
>
>                 Key: DIRSERVER-2223
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2223
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M24
>            Reporter: Martin Choma
>            Priority: Major
>
> I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher 
> suites in common{noformat}.
> I am using org.apache.directory.api as a client connecting to ApacheDS 
> ldaps://localhost:10636 url.
> I get
> {code}
> *** ClientHello, TLSv1.2
> RandomCookie:  random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF 
> CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE}
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, 
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, 
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, 
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, 
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, 
> sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension signature_algorithms, signature_algorithms: SHA512withECDSA, 
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, 
> SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, 
> SHA1withECDSA, SHA1withRSA, SHA1withDSA
> Extension status_request_v2
> CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest
>     ResponderIds: <EMPTY>
>     Extensions: <EMPTY>
> CertStatusReqItemV2: ocsp, OCSPStatusRequest
>     ResponderIds: <EMPTY>
>     Extensions: <EMPTY>
> Extension status_request: ocsp, OCSPStatusRequest
>     ResponderIds: <EMPTY>
>     Extensions: <EMPTY>
> ***
> %% Initialized:  [Session-4, SSL_NULL_WITH_NULL_NULL]
> NioProcessor-6, fatal error: 40: no cipher suites in common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> %% Invalidated:  [Session-4, SSL_NULL_WITH_NULL_NULL]
> NioProcessor-6, fatal: engine already closed.  Rethrowing 
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> 10:48:16,382 WARN  [org.apache.directory.server.ldap.LdapProtocolHandler] 
> (NioProcessor-6) Unexpected exception forcing session to close: sending 
> disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL 
> handshake failed.
>       at 
> org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519)
> {code}
> Once I specify on client side
> {code}
> tlsConfig.setEnabledCipherSuites(new String[] { 
> "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
>                 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 
> "TLS_RSA_WITH_AES_256_CBC_SHA256",
>                 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 
> "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
>                 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 
> "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
>                 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 
> "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
>                 "TLS_RSA_WITH_AES_256_CBC_SHA", 
> "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
>                 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 
> "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
>                 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 
> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
>                 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 
> "TLS_RSA_WITH_AES_128_CBC_SHA256",
>                 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 
> "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
>                 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 
> "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
>                 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 
> "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
>                 "TLS_RSA_WITH_AES_128_CBC_SHA", 
> "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
>                 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 
> "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
>                 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 
> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
>                 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 
> "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
>                 "TLS_RSA_WITH_AES_256_GCM_SHA384", 
> "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
>                 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 
> "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
>                 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 
> "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
>                 "TLS_RSA_WITH_AES_128_GCM_SHA256", 
> "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
>                 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 
> "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
>                 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 
> "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
>                 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 
> "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
>                 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 
> "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
>                 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 
> "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
>                 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 
> "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
>                 "TLS_DH_anon_WITH_AES_128_GCM_SHA256", 
> "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
>                 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 
> "TLS_DH_anon_WITH_AES_256_CBC_SHA",
>                 "TLS_DH_anon_WITH_AES_128_CBC_SHA256", 
> "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
>                 "TLS_DH_anon_WITH_AES_128_CBC_SHA", 
> "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
>                 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 
> "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA",
>                 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 
> "SSL_DH_anon_WITH_DES_CBC_SHA", "TLS_RSA_WITH_NULL_SHA256",
>                 "TLS_ECDHE_ECDSA_WITH_NULL_SHA", 
> "TLS_ECDHE_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_NULL_SHA",
>                 "TLS_ECDH_ECDSA_WITH_NULL_SHA", "TLS_ECDH_RSA_WITH_NULL_SHA", 
> "TLS_ECDH_anon_WITH_NULL_SHA",
>                 "SSL_RSA_WITH_NULL_MD5", "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 
> "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
>                 "TLS_KRB5_WITH_DES_CBC_SHA", "TLS_KRB5_WITH_DES_CBC_MD5" });
> {code}
> Both nodes can agree on TLS_DH_anon_WITH_AES_256_GCM_SHA384.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
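
Added example (not part of the original message and not ApacheDS code): the workaround list in the report also enables anonymous, NULL and single-DES suites, and the suite both sides agreed on, TLS_DH_anon_WITH_AES_256_GCM_SHA384, does not authenticate the server. The Java sketch below filters such a list by suite name before it would be passed to setEnabledCipherSuites; the class name, the `reject` helper and the sample subset are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class CipherSuiteAudit {

    // Hypothetical helper: returns why a suite should not be enabled,
    // or null if its name passes these conservative, name-based checks.
    static String reject(String suite) {
        if (suite.contains("_anon_"))    return "anonymous key exchange, peer is not authenticated";
        if (suite.contains("_NULL_"))    return "NULL cipher, traffic is not encrypted";
        if (suite.contains("_DES_CBC_")) return "single DES";
        if (suite.endsWith("_MD5"))      return "MD5 MAC";
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a subset of the suites enabled in the report.
        String[] requested = {
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
            "TLS_ECDH_anon_WITH_NULL_SHA",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "TLS_RSA_WITH_NULL_SHA256",
            "TLS_KRB5_WITH_DES_CBC_MD5",
            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
        };

        // Suites this JVM can actually negotiate (differs between JDK releases).
        Set<String> supported = new HashSet<>(Arrays.asList(
            SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));

        List<String> keep = new ArrayList<>();
        for (String suite : requested) {
            String why = reject(suite);
            if (why != null) {
                System.out.println("DROP " + suite + " (" + why + ")");
            } else if (!supported.contains(suite)) {
                System.out.println("SKIP " + suite + " (not supported by this JVM)");
            } else {
                keep.add(suite);
            }
        }
        // keep.toArray(new String[0]) is the array to hand to setEnabledCipherSuites(...).
        System.out.println("Enable: " + keep);
    }
}
```

If the filtered list is what the client enables and the handshake still fails with "no cipher suites in common", the server side is offering no certificate-authenticated suite, and that is where the investigation belongs.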