[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15584959#comment-15584959
]
Andreas Riddering commented on DIRSERVER-2043:
--
As i edited in my last answer, i messed up with the title of this ticket and my
request is about die ADStudio not the server. Sorry for the confusion. So as
its not ApacheDirServer, but IBM SDS its written in C and the JVM Parameter
cant be applied.
Nevertheless i did some testing. Installing Java8 leads to some strange
behaviour, so connection to one of the two servers in charge is possible, but
not to the other. Versions differ only a little bit. (Remember, with Java7 >
.85 a connection to non of the two was possible...)
At this point i took openssl and did some tests and while connecting to the
server with the problems openssl throws up some strange SSL3 "bad record mac"
errors... Interestingly i don't get those errors, if i put -ssl3 or -tls1 as a
parameter to openssl.
ldapsearch on cygwin on my local machine also can't connect to the server in
question, same "bad record mac"-error, but ldapsearch on another linux-server
is able to connect to both servers...
So my conclusion is, that this unpatched server has some problems with the
"autonegotation" of the ssl/tls protocol or something like that. So no todo
left here, but thank you for your input!
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15548762#comment-15548762
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
It's hard for me to give you an answer.
The truth is that people are using Studio with Java 6 (EOL feb 2013), Java 7
(EOL apr 2015) and Java 8 (EOL 2017). Each of those versions may be supported
by Oracle past there EOL through a paying subscription, something we don't do.
That means we depend on the latest versions, ie Java 8 as of today.
We test Studio with the latest Java 8 build (which is for me java version
"1.8.0_102"). Oracle release new versions almost every 2 months, with patches,
fixes and changes, that makes the thing quite hard for us to test all of them
(FTR, there were 17 java 7 releases in 4 years, and 15 java 8 releases in 2
years).
When it comes to the security parts, there were a hell lot of changes, with old
ciphers being desactivated (RC4, for instance, was disabled in 8u51 and 7u85).
Now, Studio depends on the Java version you are using, and it also depends on
the server you are using, and how it is configured. Without those informations,
there is little we can do...
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15548503#comment-15548503
]
Andreas Riddering commented on DIRSERVER-2043:
--
I could give it a try later on, if its possible to test this on the
test-environment. But as there are serveral hundrets of people using the
prouctive env and as its configured with HA stuff and so on, it won't be
possible to change this within a short matter of time.
I am just wondering, why ADS is working fine with an older Java-Version, but
refuses to connect to the same server when working with a newer version. There
must be something, thats taking into account?!?
As i did some testing, your supposal with TLSv1.1 could solve our problem. I
tried to connect to the (older) server with tls1_1 via openssl, and it didnt
work. Using a newer server, which supports TLS1.1 and 1.2 can be connected to
via ADS and newer JavaVersion.
So, is it possible to start ADS (with newer Java Version) with TLS1(.0) Support
enabled?
For the short term it only needs to use the older java version or has tls1(.0)
support enabled. Couldn't find out how this is possible...
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15545432#comment-15545432
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
Have you tried to start the server with {{-Ddeployment.security.TLSv1.1=true}}
as a parameter of the JVM ?
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15545241#comment-15545241
]
Andreas Riddering commented on DIRSERVER-2043:
--
We have had this issue after an upgrade of the Java Version.
With Java 7.0.850.1 everthing is fine, with 7.0.990.1 as with 7.0.1110.0 we get
the error discribed above.
Is there any change between the Java Versions, that ADS uses for the SSL
Connection?
Today we need to work in an productive environment with and outdated Java
version. Somehow thats not that good...
As those Servers are productive and connected to many other systems, we simply
can't fix this issue server side.
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272217#comment-15272217
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
{{TLSv1.2}}
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272207#comment-15272207
]
Robert Campbell commented on DIRSERVER-2043:
{{TLSV1.2}} or {{TLSv1.2}} ?
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272110#comment-15272110
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
It's possible that Studio has a bug, and inject the wrong protocolVersion in
the server's configuration. I will investigate that asap.
Now, as a workaround, you should be able to change this configuration by
modifying the file that contains the {{ads-enabledProtocol}} strings on the
server. It's {{ldapServer.ldif}}, you should typically see :
{norformat}
...
dn:
ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: true
ads-transportaddress: localhost
ads-transportid: ldaps
ads-needClientAuth: false
ads-wantClientAuth: true
ads-enabledCiphers: ...
ads-enabledProtocols: TLSV1
ads-enabledProtocols: TLSV1.1
ads-enabledProtocols: TLSV1.2
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: top
ads-enabled: true
...
{noformat}
Otherwise, I strongly suggest you only keep TLSv1.2...
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272059#comment-15272059
]
Robert Campbell commented on DIRSERVER-2043:
from the command line
ldapsearch -x -b "dc=westfieldhealth,dc=com" -D 'uid=admin,ou=system' -H
'ldap://127.0.0.1:10389' -v -w 'secret' -ZZ
ldap_initialize( ldap://127.0.0.1:10389/??base )
ldap_start_tls: Connect error (-11)
additional info: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15272052#comment-15272052
]
Robert Campbell commented on DIRSERVER-2043:
This is a default install of the ADS and Studio on the Mac, used for
development, testing and learning. We were about to move to production server
and have had a Centos instance running as well, all using 10386 not encrypted
for ease of use. Now we're migrating to production and adding SSL/TLS things
aren't working as expected on both instances.
The only changes I have done is to check the boxes in DS GUI to enable TLS 1.0,
1.1, 1.2 .
But you are correct in that all three of the settings are like
{{ads-enabledprotocols =TLSV1.2}}
i.e. capitalised, however changing these to {{TLSv1.2}} etc. does not seem to
make a difference, except I'm back to the short error message.
Error while opening connection
- SSL handshake failed.
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL
handshake failed.
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4149)
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1300)
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1198)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:365)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
at
org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
at
org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
SSL handshake failed.
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15271530#comment-15271530
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
Have you changed the {{ads-enabledProtocols}} configuration element on the
server ? Can you check that in the
{{ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=confiig}}
file ?
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15271467#comment-15271467
]
Robert Campbell commented on DIRSERVER-2043:
So who's doing that and how can it be corrected?
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15271053#comment-15271053
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
Clearly, the ProtocolVersion is incorrect. It should be {{TLSv1}}, not
{{TLSV1}}.
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270985#comment-15270985
]
Robert Campbell commented on DIRSERVER-2043:
This is error from command line
Robert-Campbells-MacBook-Pro:~ robertcampbell$ ldapsearch -x -b
"dc=westfieldhealth,dc=com" -D 'uid=admin,ou=system' -H
'ldap://127.0.0.1:10389' -v -w 'secret' -ZZ
ldap_initialize( ldap://127.0.0.1:10389/??base )
ldap_start_tls: Other (e.g., implementation specific) error (80)
additional info: OTHER: Extended operation handler for the specified
EXTENSION_OID (1.3.6.1.4.1.1466.20037) has failed to process your request:
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd():
sslFilter:SslFilter in (0x0003: nio socket, server, /127.0.0.1:50879 =>
/127.0.0.1:10389)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
at
org.apache.directory.server.ldap.handlers.extended.StartTlsHandler.handleExtendedOperation(StartTlsHandler.java:128)
at
org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64)
at
org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:222)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: TLSV1
at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
at sun.security.ssl.ProtocolList.(ProtocolList.java:52)
at
sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:427)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
... 17 more
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
>
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270977#comment-15270977 ] Robert Campbell commented on DIRSERVER-2043: I did this with my Mac, assuming the wrapper.conf file was the place to add the debug parameters you proposed. bq. # Application parameters. Add parameters as needed starting from 1 wrapper.app.parameter.1=%INSTANCE_DIRECTORY% wrapper.app.parameter.2=-Djavax.net.debug=ssl:handshake error seems to correspond with command line error message I got while using ldapsearch instread of just a connection using DS Studio Error while opening connection - OTHER: Extended operation handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037) has failed to process your request org.apache.directory.api.ldap.model.exception.LdapOperationException: OTHER: Extended operation handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037) has failed to process your request: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x0001: nio socket, server, /127.0.0.1:50699 => /127.0.0.1:10389) at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383) at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184) at org.apache.directory.server.ldap.handlers.extended.StartTlsHandler.handleExtendedOperation(StartTlsHandler.java:128) at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64) at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39) at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:222) at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56) at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221) at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216) at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943) at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74) at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63) at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475) at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: TLSV1 at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187) at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84) at sun.security.ssl.ProtocolList.(ProtocolList.java:52) at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081) at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176) at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:427) at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381) ... 17 more at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3867) at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1283) at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1198) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:365) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303) at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270837#comment-15270837
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
May I suggest you start the server with {{-Djavax.net.debug=ssl:handshake.}} as
a parameter, to get some information about what's going on during the handshake
?
We can't really get anything valuable from the {{SSLEngine}} otherwise...
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15270758#comment-15270758
]
Robert Campbell commented on DIRSERVER-2043:
So I get the same issue
ADS instance on a Mac 10.9.x (also on Centos 6)
Connects OK with no encryption
Enable encryption at the server properties tab
edit connection properties to use either LDAPS or StartTLS and the connection
fails
See error below.
I have trusted the self signed cert for this session
java.version=1.8.0_73
ADS Version: 2.0.0.v20151221-M10
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL
handshake failed.
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4149)
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1300)
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1198)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:365)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
at
org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
at
org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL connection failures errors are useless
> --
>
> Key: DIRSERVER-2043
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
> Project: Directory ApacheDS
> Issue Type: Bug
>Affects Versions: 2.0.0-M19
>Reporter: Roy Wellington
>Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
> SSL handshake failed.
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> at
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> at
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> at
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
> know what exactly failed, something like what Firefox/Chrome do on SSL
> failures. I'm trying to debug this right now, and I have absolutely no idea
> what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
[
https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14268878#comment-14268878
]
Emmanuel Lecharny commented on DIRSERVER-2043:
--
Can yu provide a bit more of context ? Which compinent are you using, and which
version ? Thanks !
SSL connection failures errors are useless
--
Key: DIRSERVER-2043
URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
Project: Directory ApacheDS
Issue Type: Bug
Affects Versions: 2.0.0-M19
Reporter: Roy Wellington
Priority: Minor
When connecting, if StartTLS fails, you get an error such as the following:
{noformat}
Error while opening connection
- SSL handshake failed.
org.apache.directory.ldap.client.api.exception.InvalidConnectionException:
SSL handshake failed.
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
at
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
at
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
at
org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
at
org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
SSL handshake failed.
{noformat}
But _why_ did the SSL handshake fail? I don't need the stack trace, I need to
know what exactly failed, something like what Firefox/Chrome do on SSL
failures. I'm trying to debug this right now, and I have absolutely no idea
what's going on here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
