[Freeipa] [Bug 1730039] Re: 389-console fails to connect with TLSv1.2
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: 389-console (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to jss in Ubuntu. https://bugs.launchpad.net/bugs/1730039 Title: 389-console fails to connect with TLSv1.2 Status in 389-console package in Ubuntu: Confirmed Status in jss package in Ubuntu: Confirmed Bug description: 389-console on Ubuntu 17.10 fails to connect to an instance of dirsrv- admin that has been configured to allow only TLSv1.2 connections (389-console on Ubuntu 17.04 works fine against the same instance). 389-console -D 9 debug shows the following error: CREATE JSS SSLSocket Unable to create ssl socket org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() for variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(Native Method) at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(SSLSocket.java:1398) at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.HttpManager.get(Unknown Source) at com.netscape.management.client.console.Console.invoke_task(Unknown Source) at com.netscape.management.client.console.Console.authenticate_user(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) Downgrading the libjss-java package to version 4.3.1-7build1 from Ubuntu 17.04 fixes the problem. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/389-console/+bug/1730039/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1773843] Re: cannot upgrade freeipa-server
> there is no dogtag-pki in 19.04, so you can't do that I'm aware. I built the package from Disco sources with the server packages enabled (ONLY_CLIENT=0), thinking that would be the closest to what will go into 20.04 LTS. As I'm rolling out a fresh deployment, I could either go with Bionic and upgrade a live deployment to 20.04 LTS next year, or "slide into it" from pre-release packages while considering my deployment tentative (and possibly having to restart from scratch). I'd like to go for the second, but I suppose starting from Disco source isn't the way to do this? BTW, just did a fresh install of the Disco 4.7.2 (+ server) packages, and they work just fine. The issue is/was in the upgrade. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1773843 Title: cannot upgrade freeipa-server Status in freeipa package in Ubuntu: Confirmed Bug description: I am trying to upgrade from freeipa 4.7.0~pre1 to 4.7.0~pre2-0~ppa3 of the staging repository. The install fails with the following error: RemoteRetrieveError: Failed to authenticate to CA REST API In the past, I also tried upgrading freeipa 4.7.0~pre1 to 4.7.0~pre2-0~ppa2 or from 4.7.0~pre2-0~ppa2 to 4.7.0~pre2-0~ppa3. All these attempts failed with the same error. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1773843/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp