On Mon, Jan 3, 2022 at 11:18 AM Jason Keltz <[email protected]> wrote: > Hi.. > > I tried to bring install Guac 1.4.0 into place on our CentOS 7 server > running 1.3.0. I kept getting "invalid user" for logins. After some > debugging, I see in the logs (included below in more detail) an exception > caused by "Caused by: java.lang.IllegalArgumentException: TLSv1.3". I > believe there is an attempt to connect to the LDAP server with TLS 1.3, and > when that fails, the auth fails as well, where-as previously TLS 1.2 would > have been used. I may be wrong. > > The identical configuration works with 1.3. > > Is something requiring TLS v1.3 now that previously worked with 1.2? > > We updated the dependencies for just about everything, including the Apache Directory API. The latest version of the Apache LDAP API defaults to TLSv1.3:
- [DIRAPI-375]https://issues.apache.org/jira/browse/DIRAPI-375) - Add TLSv1.3 to default protocols I suspect this is what you're seeing. You can continue to use the 1.3 LDAP extension with Guacamole Client 1.4.0, so that'll work around it for now; however, looks like we may need to find a way to make this configurable. You're welcome to open a Jira issue for it - I'm sure adding an option for TLS version will be reasonably straight-forward. -Nick >
