[
https://issues.apache.org/jira/browse/DIRSERVER-2318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18058545#comment-18058545
]
Emmanuel Lécharny commented on DIRSERVER-2318:
----------------------------------------------
You have to modify the {{ApacheDirectoryStudio.ini}} file, adding a line in it,
like the one in:
{code:java}
...
-vmargs
-Dosgi.requiredJavaVersion=11
-Djavax.net.debug=ssl:handshake <<--------------
...
{code}
Here, it just logs everything related to the SSL handshake. You can replace
{{ssl:handshake}} with {{all}}, but that will be quite verbose.
Note that logs get printed on the console, so better launch
ApacheDirectoryStudio from the command line:
{code:java}
elecharny@elecharny-XPS-13-9340:~/ApacheDirectoryStudio-M16$ ./ApacheDirectoryStudio
javax.net.ssl|DEBUG|04|Worker-2: Open Connection|2026-02-13 23:42:49.257 CET|TrustStoreManager.java:162|Inaccessible trust store: /usr/lib/jvm/java-21-openjdk-amd64/lib/security/jssecacerts
javax.net.ssl|DEBUG|04|Worker-2: Open Connection|2026-02-13 23:42:49.263 CET|TrustStoreManager.java:113|trustStore is: /usr/lib/jvm/java-21-openjdk-amd64/lib/security/cacerts
trustStore type is: pkcs12
trustStore provider is:
the last modified time is: Mon Nov 24 17:59:00 CET 2025
javax.net.ssl|DEBUG|04|Worker-2: Open Connection|2026-02-13 23:42:49.263 CET|TrustStoreManager.java:333|Reload the trust store
...
(many more lines)
{code}
> StartTLS and LDAPS are not working
> ----------------------------------
>
> Key: DIRSERVER-2318
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2318
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ldap, security
> Affects Versions: 2.0.0-M24, 2.0.0.AM26
> Environment: Ubuntu 20.04 clean installation used for both client and
> server. Used version 2.0.0~M24-3 from Ubuntu repository and version
> 2.0.0.AM26 deb package from official website. Using openjdk-14-jre and
> openjdk-11-jre from Ubuntu repository. Apache Studio 2.0.0-M15 from website.
> Reporter: Karl Frauendienst
> Priority: Major
> Attachments: Apache_Studio_StartTLS.log
>
>
> Attempting to make a secure LDAP connection results in handshake failure with
> unknown error. No error with unencrypted connections. Tested on two
> separate systems.
> First setup: Ubuntu Server 20.04 with apacheds 2.0.0~M24-3 installed from
> repository. Tried both default-jre (openjdk-11-jre) and openjdk-14-jre.
> Running Apache Studio 2.0.0-M15 from official website on a separate Ubuntu
> Desktop 20.04 system and tested with same two jre versions. On this setup, I
> occasionally got an error stating the key was only 512 bits, so I used
> keytool according to the ApacheDS getting started guide to create and use a
> 2048 bit keypair. Following that I only get the handshake failure.
> Second setup: Ubuntu Desktop 20.04 running openjdk-14-jre with ApacheDS
> 2.0.0.AM26 deb pkg and Apache Studio 2.0.0-M15 from official website. This
> produces the handshake error. I believe the issue is server side because I
> can produce a similar handshake error using ldapsearch. It works fine
> unencrypted, but fails using either StartTLS on port 10389 or LDAPS on 10636.
> I did not replace the keypair in this setup. This setup occasionally will
> work with StartTLS and LDAPS but will seemingly work or not work
> intermittently with no configuration changes being made.
> I have tested with Apache Studio SSL verification both enabled and disabled
> in both cases.
> Errors produced include:
> !MESSAGE Improper close state: Status = OK HandshakeStatus = NEED_WRAP
> !MESSAGE The authentication failed
> - ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed, reason: Unspecified
> !MESSAGE
> org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeException:
> ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed, reason: Unspecified
> !MESSAGE ERR_01200_BAD_TRANSITION_FROM_STATE Bad transition from state
> START_STATE, tag 0x15
> !MESSAGE org.apache.directory.api.ldap.codec.api.ResponseCarryingException:
> ERR_01200_BAD_TRANSITION_FROM_STATE Bad transition from state START_STATE,
> tag 0x15
> !MESSAGE Error while opening connection
> - PROTOCOL_ERROR: The server will disconnect!
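
An added example, not part of the original comment or of the ApacheDS/Studio code: a small Python parser for the {{javax.net.debug}} console output shown in the comment above, which attaches continuation lines to their record and reports which trust store the JVM loaded. The function names, {{FLAG_LEVELS}} and the final ERROR sample line are assumptions made for this example.

```python
import re

# Record header in the layout of the log quoted above:
# javax.net.ssl|LEVEL|thread id|thread name|timestamp|Source.java:line|message
HEADER = re.compile(
    r"^javax\.net\.ssl\|(?P<level>[A-Z]+)\|(?P<tid>\w+)\|(?P<thread>[^|]*)\|"
    r"(?P<ts>[^|]*)\|(?P<src>[^|:]+):(?P<line>\d+)\|(?P<msg>.*)$")
FLAG_LEVELS = {"WARNING", "ERROR", "SEVERE"}  # assumption: levels worth a look

def parse_records(text):
    """Attach unprefixed continuation lines to the header before them.
    Lines ahead of the first header (shell prompt, launcher output) are skipped."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append(m.groupdict())
        elif records and raw.strip():
            records[-1]["msg"] += "\n" + raw.strip()
    return records

def summarize(records):
    """Report the trust store loaded, stores that could not be opened, flagged records."""
    out = {"trust_store": None, "store_type": None, "inaccessible": [], "flagged": []}
    for r in records:
        for part in r["msg"].split("\n"):
            key, _, value = part.partition(": ")
            if key == "trustStore is":
                out["trust_store"] = value
            elif key == "trustStore type is":
                out["store_type"] = value
            elif key == "Inaccessible trust store":
                out["inaccessible"].append(value)
        if r["level"] in FLAG_LEVELS:
            out["flagged"].append(r)
    return out

# Constructed sample: the first three records are the ones quoted above with the
# mail's line wraps rejoined; the ERROR line is made up to exercise flagging.
SAMPLE = """\
javax.net.ssl|DEBUG|04|Worker-2: Open Connection|2026-02-13 23:42:49.257 CET|TrustStoreManager.java:162|Inaccessible trust store: /usr/lib/jvm/java-21-openjdk-amd64/lib/security/jssecacerts
javax.net.ssl|DEBUG|04|Worker-2: Open Connection|2026-02-13 23:42:49.263 CET|TrustStoreManager.java:113|trustStore is: /usr/lib/jvm/java-21-openjdk-amd64/lib/security/cacerts
trustStore type is: pkcs12
trustStore provider is:
the last modified time is: Mon Nov 24 17:59:00 CET 2025
javax.net.ssl|DEBUG|04|Worker-2: Open Connection|2026-02-13 23:42:49.263 CET|TrustStoreManager.java:333|Reload the trust store
javax.net.ssl|ERROR|04|Worker-2: Open Connection|2026-02-13 23:42:49.300 CET|Constructed.java:1|constructed line, not from the page
"""
print(summarize(parse_records(SAMPLE)))
```

Redirect the Studio console output to a file and pass its contents to {{parse_records}} to check that the JVM is reading the trust store you expect.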