[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15584959#comment-15584959 ]

Andreas Riddering commented on DIRSERVER-2043:
----------------------------------------------

As I edited in my last answer, I messed up with the title of this ticket and my request is about the ADStudio, not the server. Sorry for the confusion.

So as it's not ApacheDirServer but IBM SDS, it's written in C and the JVM parameter can't be applied.

Nevertheless I did some testing. Installing Java8 leads to some strange behaviour, so connection to one of the two servers in charge is possible, but not to the other. Versions differ only a little bit. (Remember, with Java7 > .85 a connection to none of the two was possible...)

At this point I took openssl and did some tests, and while connecting to the server with the problems openssl throws up some strange SSL3 "bad record mac" errors... Interestingly, I don't get those errors if I put -ssl3 or -tls1 as a parameter to openssl. ldapsearch on cygwin on my local machine also can't connect to the server in question, same "bad record mac" error, but ldapsearch on another Linux server is able to connect to both servers...

So my conclusion is that this unpatched server has some problems with the "autonegotiation" of the SSL/TLS protocol or something like that.

So no todo left here, but thank you for your input!

> SSL connection failures errors are useless
> ------------------------------------------
>
>                 Key: DIRSERVER-2043
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M19
>            Reporter: Roy Wellington
>            Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
>  - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
>     at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
>     at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
>     at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
>     at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15548762#comment-15548762 ]

Emmanuel Lecharny commented on DIRSERVER-2043:
----------------------------------------------

It's hard for me to give you an answer. The truth is that people are using Studio with Java 6 (EOL Feb 2013), Java 7 (EOL Apr 2015) and Java 8 (EOL 2017). Each of those versions may be supported by Oracle past their EOL through a paying subscription, something we don't do. That means we depend on the latest versions, i.e. Java 8 as of today.

We test Studio with the latest Java 8 build (which is for me java version "1.8.0_102"). Oracle releases new versions almost every 2 months, with patches, fixes and changes, which makes it quite hard for us to test all of them (FTR, there were 17 Java 7 releases in 4 years, and 15 Java 8 releases in 2 years).

When it comes to the security parts, there were a hell lot of changes, with old ciphers being deactivated (RC4, for instance, was disabled in 8u51 and 7u85).

Now, Studio depends on the Java version you are using, and it also depends on the server you are using, and how it is configured. Without that information, there is little we can do...
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15548503#comment-15548503 ]

Andreas Riddering commented on DIRSERVER-2043:
----------------------------------------------

I could give it a try later on, if it's possible to test this on the test environment. But as there are several hundreds of people using the productive env and as it's configured with HA stuff and so on, it won't be possible to change this within a short matter of time.

I am just wondering why ADS is working fine with an older Java version, but refuses to connect to the same server when working with a newer version. There must be something that's taking into account?!?

As I did some testing, your supposal with TLSv1.1 could solve our problem. I tried to connect to the (older) server with tls1_1 via openssl, and it didn't work. Using a newer server, which supports TLS1.1 and 1.2, can be connected to via ADS and newer Java version.

So, is it possible to start ADS (with newer Java version) with TLS1(.0) support enabled? For the short term it only needs to use the older Java version or has TLS1(.0) support enabled. Couldn't find out how this is possible...
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15545432#comment-15545432 ]

Emmanuel Lecharny commented on DIRSERVER-2043:
----------------------------------------------

Have you tried to start the server with {{-Ddeployment.security.TLSv1.1=true}} as a parameter of the JVM?
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15545241#comment-15545241 ]

Andreas Riddering commented on DIRSERVER-2043:
----------------------------------------------

We have had this issue after an upgrade of the Java version. With Java 7.0.850.1 everything is fine, with 7.0.990.1 as with 7.0.1110.0 we get the error described above.

Is there any change between the Java versions that ADS uses for the SSL connection?

Today we need to work in a productive environment with an outdated Java version. Somehow that's not that good...

As those servers are productive and connected to many other systems, we simply can't fix this issue server side.
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272217#comment-15272217 ]

Emmanuel Lecharny commented on DIRSERVER-2043:
----------------------------------------------

{{TLSv1.2}}
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272207#comment-15272207 ]

Robert Campbell commented on DIRSERVER-2043:

{{TLSV1.2}} or {{TLSv1.2}}?
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272110#comment-15272110 ]

Emmanuel Lecharny commented on DIRSERVER-2043:
----------------------------------------------

It's possible that Studio has a bug, and injects the wrong protocolVersion in the server's configuration. I will investigate that asap.

Now, as a workaround, you should be able to change this configuration by modifying the file that contains the {{ads-enabledProtocol}} strings on the server. It's {{ldapServer.ldif}}, you should typically see:

{noformat}
...
dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: true
ads-transportaddress: localhost
ads-transportid: ldaps
ads-needClientAuth: false
ads-wantClientAuth: true
ads-enabledCiphers: ...
ads-enabledProtocols: TLSV1
ads-enabledProtocols: TLSV1.1
ads-enabledProtocols: TLSV1.2
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: top
ads-enabled: true
...
{noformat}

Otherwise, I strongly suggest you only keep TLSv1.2...
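A lint for the {{ads-enabledProtocols}} values discussed in the message above, as an added example (not part of the thread and not ApacheDS or Studio code): it parses transport entries from an {{ldapServer.ldif}}, flags values whose case differs from the JSSE protocol names ({{TLSV1.2}} vs {{TLSv1.2}}) and marks protocols older than TLSv1.2. The sample LDIF is constructed, and it is an assumption that the server hands these values to JSSE unchanged.

```python
"""Lint ads-enabledProtocols values in an ApacheDS ldapServer.ldif (added example)."""
import re
from collections import namedtuple

# JSSE standard protocol names; they are case-sensitive.
# Assumption of this example: the configured values reach JSSE unchanged.
JSSE_PROTOCOLS = ("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY = frozenset({"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"})
_BY_LOWER = {name.lower(): name for name in JSSE_PROTOCOLS}

Finding = namedtuple("Finding", "dn value verdict canonical legacy")

# Constructed sample, modelled on the transport entry quoted in the thread.
SAMPLE_LDIF = """\
dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,
 ads-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: true
ads-transportid: ldaps
ads-enabledProtocols: TLSV1
ads-enabledProtocols: TLSV1.1
ads-enabledProtocols: TLSv1.2
objectclass: ads-transport

dn: ads-transportid=ldap,ou=transports,ads-serverId=ldapServer,ou=servers,
 ads-directoryServiceId=default,ou=config
ads-systemport: 10389
ads-transportid: ldap
ads-enabledprotocols: SSL3
objectclass: ads-transport
"""


def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    # RFC 2849 folding: a line starting with one space continues the previous one.
    unfolded = re.sub(r"\r?\n ", "", text)
    entries, current = [], []
    for line in unfolded.splitlines():
        if not line.strip():              # a blank line ends the current entry
            if current:
                entries.append(current)
                current = []
            continue
        if line.startswith("#"):          # LDIF comment
            continue
        attr, sep, value = line.partition(":")
        if not sep or value.startswith(":"):
            continue                      # not "attr: value" (or base64 "attr::")
        current.append((attr.strip(), value.strip()))
    if current:
        entries.append(current)
    return entries


def audit_protocols(text):
    """Classify every ads-enabledProtocols value found in the LDIF text."""
    findings = []
    for entry in parse_ldif(text):
        dn = next((v for a, v in entry if a.lower() == "dn"), "<no dn>")
        for attr, value in entry:
            # LDAP attribute names are case-insensitive; the values are not.
            if attr.lower() != "ads-enabledprotocols":
                continue
            if value in JSSE_PROTOCOLS:
                verdict, canonical = "ok", value
            elif value.lower() in _BY_LOWER:
                verdict, canonical = "wrong-case", _BY_LOWER[value.lower()]
            else:
                verdict, canonical = "unknown", None
            findings.append(Finding(dn, value, verdict, canonical, canonical in LEGACY))
    return findings


def report(findings):
    """Render one line per finding, shortest useful form for a config review."""
    lines = []
    for f in findings:
        rdn = f.dn.split(",", 1)[0]
        note = f.verdict
        if f.verdict == "wrong-case":
            note += f" (JSSE spelling: {f.canonical})"
        if f.legacy:
            note += ", older than TLSv1.2"
        lines.append(f"{rdn}: {f.value} -> {note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(audit_protocols(SAMPLE_LDIF))))
```
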
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272059#comment-15272059 ]

Robert Campbell commented on DIRSERVER-2043:

From the command line:

ldapsearch -x -b "dc=westfieldhealth,dc=com" -D 'uid=admin,ou=system' -H 'ldap://127.0.0.1:10389' -v -w 'secret' -ZZ
ldap_initialize( ldap://127.0.0.1:10389/??base )
ldap_start_tls: Connect error (-11)
    additional info: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272052#comment-15272052 ]

Robert Campbell commented on DIRSERVER-2043:

This is a default install of the ADS and Studio on the Mac, used for development, testing and learning. We were about to move to production server and have had a CentOS instance running as well, all using 10386 not encrypted for ease of use. Now we're migrating to production and adding SSL/TLS, things aren't working as expected on both instances.

The only changes I have done is to check the boxes in DS GUI to enable TLS 1.0, 1.1, 1.2. But you are correct in that all three of the settings are like {{ads-enabledprotocols =TLSV1.2}}, i.e. capitalised; however, changing these to {{TLSv1.2}} etc. does not seem to make a difference, except I'm back to the short error message.

Error while opening connection
 - SSL handshake failed.
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4149)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1300)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1198)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:365)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
    at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
SSL handshake failed.
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15271530#comment-15271530 ]

Emmanuel Lecharny commented on DIRSERVER-2043:
----------------------------------------------

Have you changed the {{ads-enabledProtocols}} configuration element on the server? Can you check that in the {{ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config}} file?
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15271467#comment-15271467 ]

Robert Campbell commented on DIRSERVER-2043:

So who's doing that and how can it be corrected?
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15271053#comment-15271053 ]

Emmanuel Lecharny commented on DIRSERVER-2043:

Clearly, the ProtocolVersion is incorrect. It should be {{TLSv1}}, not {{TLSV1}}.
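The `IllegalArgumentException: TLSV1` reported in this thread is raised by `SSLEngine.setEnabledProtocols`, which matches protocol names case-sensitively and rejects the whole list when one entry is unknown. The following is an added example, not ApacheDS code: the class `EnabledProtocolsCheck`, its `check` method and the configured list are hypothetical. It validates configured names against what the JVM supports and reports the offending entry in readable form.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration; EnabledProtocolsCheck and check() are hypothetical names.
public class EnabledProtocolsCheck {

    /** Holds the usable protocol names and a readable message per rejected name. */
    static final class Result {
        final List<String> accepted = new ArrayList<>();
        final List<String> problems = new ArrayList<>();
    }

    /** Compares configured names with the JVM's supported names, case-sensitively. */
    static Result check(String[] configured, String[] supported) {
        Result result = new Result();
        List<String> supportedList = Arrays.asList(supported);
        for (String name : configured) {
            if (supportedList.contains(name)) {   // exact match, as the JVM requires
                result.accepted.add(name);
                continue;
            }
            // Look for a name that differs only in letter case, e.g. TLSV1 vs TLSv1.
            String hint = null;
            for (String candidate : supported) {
                if (candidate.equalsIgnoreCase(name)) {
                    hint = candidate;
                    break;
                }
            }
            result.problems.add(hint != null
                ? "'" + name + "' differs only in case from '" + hint
                    + "'; protocol names are case-sensitive"
                : "'" + name + "' is not supported by this JVM; supported: " + supportedList);
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String[] supported = engine.getSupportedProtocols();

        // Constructed sample: the misspelled name from the trace plus a valid one.
        String[] configured = {"TLSV1", "TLSv1.2"};

        // Passing the list straight through fails as a whole, as in the trace.
        try {
            engine.setEnabledProtocols(configured);
        } catch (IllegalArgumentException e) {
            System.out.println("setEnabledProtocols rejected the list: " + e.getMessage());
        }

        // Validating first yields a message that names the offending entry.
        Result result = check(configured, supported);
        for (String problem : result.problems) {
            System.out.println("enabled-protocols problem: " + problem);
        }
        if (!result.accepted.isEmpty()) {
            engine.setEnabledProtocols(result.accepted.toArray(new String[0]));
            System.out.println("enabled: " + Arrays.toString(engine.getEnabledProtocols()));
        }
    }
}
```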
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270985#comment-15270985 ]

Robert Campbell commented on DIRSERVER-2043:

This is the error from the command line:

Robert-Campbells-MacBook-Pro:~ robertcampbell$ ldapsearch -x -b "dc=westfieldhealth,dc=com" -D 'uid=admin,ou=system' -H 'ldap://127.0.0.1:10389' -v -w 'secret' -ZZ
ldap_initialize( ldap://127.0.0.1:10389/??base )
ldap_start_tls: Other (e.g., implementation specific) error (80)
    additional info: OTHER: Extended operation handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037) has failed to process your request:
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x0003: nio socket, server, /127.0.0.1:50879 => /127.0.0.1:10389)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
    at org.apache.directory.server.ldap.handlers.extended.StartTlsHandler.handleExtendedOperation(StartTlsHandler.java:128)
    at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64)
    at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:222)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: TLSV1
    at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
    at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
    at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
    at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
    at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
    at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:427)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
    ... 17 more
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270977#comment-15270977 ]

Robert Campbell commented on DIRSERVER-2043:

I did this with my Mac, assuming the wrapper.conf file was the place to add the debug parameters you proposed.

bq. # Application parameters. Add parameters as needed starting from 1
wrapper.app.parameter.1=%INSTANCE_DIRECTORY%
wrapper.app.parameter.2=-Djavax.net.debug=ssl:handshake

error seems to correspond with command line error message I got while using ldapsearch instead of just a connection using DS Studio

Error while opening connection
- OTHER: Extended operation handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037) has failed to process your request
org.apache.directory.api.ldap.model.exception.LdapOperationException: OTHER: Extended operation handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037) has failed to process your request:
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x0001: nio socket, server, /127.0.0.1:50699 => /127.0.0.1:10389)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
    at org.apache.directory.server.ldap.handlers.extended.StartTlsHandler.handleExtendedOperation(StartTlsHandler.java:128)
    at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64)
    at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:222)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: TLSV1
    at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
    at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
    at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
    at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
    at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
    at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:427)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
    ... 17 more
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3867)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1283)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1198)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:365)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
    at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270837#comment-15270837 ]

Emmanuel Lecharny commented on DIRSERVER-2043:

May I suggest you start the server with {{-Djavax.net.debug=ssl:handshake}} as a parameter, to get some information about what's going on during the handshake? We can't really get anything valuable from the {{SSLEngine}} otherwise...
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270758#comment-15270758 ]

Robert Campbell commented on DIRSERVER-2043:

So I get the same issue
ADS instance on a Mac 10.9.x (also on Centos 6)
Connects OK with no encryption
Enable encryption at the server properties tab
edit connection properties to use either LDAPS or StartTLS and the connection fails
See error below.
I have trusted the self signed cert for this session
java.version=1.8.0_73
ADS Version: 2.0.0.v20151221-M10

org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4149)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1300)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1198)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:365)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
    at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14268878#comment-14268878 ]

Emmanuel Lecharny commented on DIRSERVER-2043:

Can you provide a bit more of context? Which component are you using, and which version? Thanks!