TLSv1.3 requirement in guac 1.4.0?

Jason Keltz Mon, 03 Jan 2022 08:18:45 -0800

Hi..

I tried to bring install Guac 1.4.0 into place on our CentOS 7 serverrunning 1.3.0. I kept getting "invalid user" for logins. After somedebugging, I see in the logs (included below in more detail) anexception caused by "Caused by: java.lang.IllegalArgumentException:TLSv1.3". I believe there is an attempt to connect to the LDAP serverwith TLS 1.3, and when that fails, the auth fails as well, where-aspreviously TLS 1.2 would have been used. I may be wrong.


The identical configuration works with 1.3.

Is something requiring TLS v1.3 now that previously worked with 1.2?

(names/IPs changed)

Additional logs below..

10:27:47.806 [http-nio-8080-exec-1] DEBUGo.a.g.a.ldap.LDAPConnectionService - Connecting to LDAP server usingSSL/TLS.10:27:47.867 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.18060.0.0.1)10:27:47.868 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.7)10:27:47.868 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.2)10:27:47.869 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.319)10:27:47.869 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.3)10:27:47.870 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.18)10:27:47.870 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.473)10:27:47.871 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.474)10:27:47.871 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.o.DefaultLdapCodecService -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.10.1)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.18060.0.0.1)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.7)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.2)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.319)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.3)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.18)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.473)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.474)10:27:47.872 [http-nio-8080-exec-1] INFOo.a.d.a.l.c.StockCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.10.1)10:27:47.873 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.841)10:27:47.874 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.841)10:27:47.874 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.2239)10:27:47.875 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.417)10:27:47.875 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.528)10:27:47.876 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.4)10:27:47.876 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.42.2.27.8.5.1)10:27:47.877 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.42.2.27.8.5.1)10:27:47.877 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.2.840.113556.1.4.1413)10:27:47.877 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.3)10:27:47.878 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.1)10:27:47.878 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.1.9.1.2)10:27:47.878 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.1.21.2)10:27:47.879 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.9)10:27:47.879 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (2.16.840.1.113730.3.4.10)10:27:47.879 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06000_REGISTERED_CONTROL_FACTORY (1.3.6.1.4.1.4203.666.5.12)10:27:47.880 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.8)10:27:47.881 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.8)10:27:47.882 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.21.3)10:27:47.883 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.5)10:27:47.883 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.3)10:27:47.883 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.1466.20036)10:27:47.884 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.4203.1.11.1)10:27:47.885 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.1466.20037)10:27:47.886 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1.21.1)10:27:47.886 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.18060.0.1.6)10:27:47.887 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4.1.4203.1.11.3)10:27:47.888 [http-nio-8080-exec-1] INFOo.a.d.a.l.e.ExtrasCodecFactoryUtil -MSG_06002_REGISTERED_INTERMEDIATE_FACTORY (1.3.6.1.4.1.4203.1.9.1.4)10:27:47.896 [http-nio-8080-exec-1] DEBUGo.a.d.l.c.api.LdapNetworkConnection - MSG_04112_BIND ()10:27:47.985 [NioProcessor-1] DEBUGorg.apache.mina.filter.ssl.SslFilter - Adding the SSL Filter sslFilterto the chain10:27:47.987 [NioProcessor-1] DEBUGo.apache.mina.filter.ssl.SslHandler - Session Client[1](no sslEngine)Initializing the SSL Handler1*0:27:47.996 [NioProcessor-1] WARN o.a.m.util.DefaultExceptionMonitor- Unexpected exception.****org.apache.mina.core.filterchain.IoFilterLifeCycleException:onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client,/1.2.3.4:44642 => myldap.yorku.ca/1.2.3.4:636)**** atorg.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:465)**** atorg.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:234)**** atorg.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:553)**** atorg.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.addNow(AbstractPollingIoProcessor.java:832)**** atorg.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.handleNewSessions(AbstractPollingIoProcessor.java:752)**** atorg.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:652)**** atorg.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)**** atjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)**** atjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)**
**        at java.lang.Thread.run(Thread.java:748)**
**Caused by: java.lang.IllegalArgumentException: TLSv1.3**
* atsun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
        at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
        at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
atsun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2070)
        at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:177)
atorg.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:458) atorg.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:463)
        ... 9 common frames omitted
10:28:18.005 [http-nio-8080-exec-1] DEBUGo.a.d.l.c.api.LdapNetworkConnection - MSG_04177_CONNECTION_TIMEOUT (30000)10:28:18.007 [http-nio-8080-exec-1] ERRORo.a.g.a.ldap.LDAPConnectionService - Binding with the LDAP server at"myldap.yorku.ca" as user"CN=guacamole,CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca" failed:MSG_04177_CONNECTION_TIMEOUT (30000)10:28:18.007 [http-nio-8080-exec-1] DEBUGo.a.g.a.ldap.LDAPConnectionService - Unable to bind to LDAP server.org.apache.directory.ldap.client.api.exception.LdapConnectionTimeOutException:MSG_04177_CONNECTION_TIMEOUT (30000)

Jason.

TLSv1.3 requirement in guac 1.4.0?

Reply via email to