Re: [ovirt-users] Engine AAA LDAP startTLS Protocol Issue

2018-02-08 Thread Alan Griffiths
That works. Thanks.

On 8 February 2018 at 12:56, Ondra Machacek wrote:
> On 02/08/2018 11:04 AM, Alan Griffiths wrote:
>>
>> Hi,
>>
>> Trying to configure Engine to authenticate against OpenLDAP and I seem
>> to be hitting a protocol bug.
>>
>> Attempts to test the login during the setup fail with
>>
>> 2018-02-07 12:27:37,872Z WARNING Exception: The connection reader was
>> unable to successfully complete TLS negotiation:
>> SSLException(message='Received fatal alert: protocol_version',
>> trace='getSSLException(Alerts.java:208) /
>> getSSLException(Alerts.java:154) / recvAlert(SSLSocketImpl.java:2033)
>> / readRecord(SSLSocketImpl.java:1135) /
>> performInitialHandshake(SSLSocketImpl.java:1385) /
>> startHandshake(SSLSocketImpl.java:1413) /
>> startHandshake(SSLSocketImpl.java:1397) /
>> run(LDAPConnectionReader.java:301)', revision=0)
>>
>> Running a packet trace I see that it's trying to negotiate with TLS
>> 1.0, but my LDAP server only supports TLS 1.2.
>
>
> I've sent a fix:
>
>  https://gerrit.ovirt.org/87327
>
> To work around it, please just add to your profile properties file:
>
>  pool.default.ssl.startTLSProtocol = TLSv1.2
>
>>
>> This looks like a regression as it works fine in 4.0.
>>
>> I see the issue in both 4.1 and 4.2
>>
>> 4.1.9.1
>> 4.2.0.2
>>
>> Should I submit a bug?
>>
>> Thanks,
>>
>> Alan
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Engine AAA LDAP startTLS Protocol Issue

2018-02-08 Thread Ondra Machacek

On 02/08/2018 11:04 AM, Alan Griffiths wrote:
>
> Hi,
>
> Trying to configure Engine to authenticate against OpenLDAP and I seem
> to be hitting a protocol bug.
>
> Attempts to test the login during the setup fail with
>
> 2018-02-07 12:27:37,872Z WARNING Exception: The connection reader was
> unable to successfully complete TLS negotiation:
> SSLException(message='Received fatal alert: protocol_version',
> trace='getSSLException(Alerts.java:208) /
> getSSLException(Alerts.java:154) / recvAlert(SSLSocketImpl.java:2033)
> / readRecord(SSLSocketImpl.java:1135) /
> performInitialHandshake(SSLSocketImpl.java:1385) /
> startHandshake(SSLSocketImpl.java:1413) /
> startHandshake(SSLSocketImpl.java:1397) /
> run(LDAPConnectionReader.java:301)', revision=0)
>
> Running a packet trace I see that it's trying to negotiate with TLS
> 1.0, but my LDAP server only supports TLS 1.2.

I've sent a fix:

 https://gerrit.ovirt.org/87327

To work around it, please just add to your profile properties file:

 pool.default.ssl.startTLSProtocol = TLSv1.2

> This looks like a regression as it works fine in 4.0.
>
> I see the issue in both 4.1 and 4.2
>
> 4.1.9.1
> 4.2.0.2
>
> Should I submit a bug?
>
> Thanks,
>
> Alan


[ovirt-users] Engine AAA LDAP startTLS Protocol Issue

2018-02-08 Thread Alan Griffiths
Hi,

Trying to configure Engine to authenticate against OpenLDAP and I seem
to be hitting a protocol bug.

Attempts to test the login during the setup fail with

2018-02-07 12:27:37,872Z WARNING Exception: The connection reader was
unable to successfully complete TLS negotiation:
SSLException(message='Received fatal alert: protocol_version',
trace='getSSLException(Alerts.java:208) /
getSSLException(Alerts.java:154) / recvAlert(SSLSocketImpl.java:2033)
/ readRecord(SSLSocketImpl.java:1135) /
performInitialHandshake(SSLSocketImpl.java:1385) /
startHandshake(SSLSocketImpl.java:1413) /
startHandshake(SSLSocketImpl.java:1397) /
run(LDAPConnectionReader.java:301)', revision=0)

Running a packet trace I see that it's trying to negotiate with TLS
1.0, but my LDAP server only supports TLS 1.2.

This looks like a regression as it works fine in 4.0.

I see the issue in both 4.1 and 4.2

4.1.9.1
4.2.0.2

Should I submit a bug?

Thanks,

Alan
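
Added example, not part of the original thread or of oVirt's code: a minimal Python decoder for the TLS bytes that follow the LDAP StartTLS exchange, showing how the packet trace described above reveals a TLS 1.0 ClientHello answered by a fatal `protocol_version` alert. The byte stream is constructed here for illustration, and the function names are hypothetical.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}  # subset of RFC 5246, 7.2

def parse_records(data):
    """Summarise ClientHello and plaintext alert records in a raw TLS byte stream."""
    out, pos = [], 0
    while pos + 5 <= len(data):
        ctype, _rec_ver, length = struct.unpack_from("!BHH", data, pos)
        body = data[pos + 5 : pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated TLS record")
        if ctype == 22 and body[:1] == b"\x01" and len(body) >= 6:
            # Handshake type 1 = ClientHello; bytes 4-5 hold client_version,
            # the highest version the client offers (TLS 1.2 and earlier).
            (hello_ver,) = struct.unpack_from("!H", body, 4)
            out.append({"type": "client_hello",
                        "offered": VERSIONS.get(hello_ver, hex(hello_ver))})
        elif ctype == 21 and length == 2:
            # Plaintext alert: one byte level, one byte description.
            out.append({"type": "alert",
                        "level": ALERT_LEVELS.get(body[0], str(body[0])),
                        "description": ALERTS.get(body[1], str(body[1]))})
        pos += 5 + length
    return out

def diagnose(data):
    """Report whether a ClientHello was rejected with fatal protocol_version."""
    records = parse_records(data)
    offered = next((r["offered"] for r in records if r["type"] == "client_hello"), None)
    rejected = any(r["type"] == "alert" and r["level"] == "fatal"
                   and r["description"] == "protocol_version" for r in records)
    if offered and rejected:
        return f"client offered {offered}; server rejected it with fatal protocol_version"
    return "no protocol_version rejection found"

def sample_capture(client_version=0x0301, with_alert=True):
    """Constructed sample: ClientHello plus optional server alert, concatenated."""
    hello = (struct.pack("!H", client_version) + bytes(32) + b"\x00"
             + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    stream = struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake
    if with_alert:
        stream += struct.pack("!BHH", 21, 0x0303, 2) + bytes([2, 70])
    return stream

if __name__ == "__main__":
    print(diagnose(sample_capture()))
```
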