Thanks Kiran, that works! On Sun, Aug 9, 2015 at 7:04 PM, Kiran Ayyagari <[email protected]> wrote:
> On Sun, Aug 9, 2015 at 7:00 PM, jeffty <[email protected]> wrote: > > > Most is illegal argument Exception: TLSV1 as below: > > > you should not use the LDAPS port (i.e, 10636 in this case) while using > StartTLS > > use the LDAP port and it will work. > > > > [09:16:20] WARN [org.apache.mina.util.DefaultExceptionMonitor] - > Unexpected > > exception. > > org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): > > sslFilter:SslFilter in (0x00000006: nio socket, server, / > > 192.168.1.102:50073 > > => /192.168.1.82:10636) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:189) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:436) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:532) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:505) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:67) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1113) > > at > > > > > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > > at > > > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at java.lang.Thread.run(Thread.java:745) > > Caused by: java.lang.IllegalArgumentException: TLSV1 > > at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187) > > at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84) > > at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52) > > at > > > sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081) > > at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176) > > at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381) > > ... 10 more > > > > > > On Sun, Aug 9, 2015 at 6:57 PM, Kiran Ayyagari <[email protected]> > > wrote: > > > > > On Sun, Aug 9, 2015 at 6:47 PM, jeffty <[email protected]> wrote: > > > > > > > openjdk version "1.8.0_51" > > > > OpenJDK Runtime Environment (build 1.8.0_51-b16) > > > > OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode) > > > > > > > ok, this should work, are there any errors in the server log? > > > > > > > > > > > -----Original Message----- > > > > From: Kiran Ayyagari [mailto:[email protected]] > > > > Sent: Sunday, August 09, 2015 6:46 PM > > > > To: [email protected] > > > > Subject: Re: Enable TLSv1 in ApacheDS lead to Timeout Error > > > > > > > > On Sun, Aug 9, 2015 at 6:44 PM, jeffty <[email protected]> > wrote: > > > > > > > > > Thanks Kiran. > > > > > > > > > > Enable LDAPS Server option is checked and login is OK (when TLSv1 > is > > > > > not enabled and Encryption method is Use SSL encryption ldaps://). > > > > > > > > > > After enable TLSv1 protocol, I change the Encryption method to Use > > > > > StartTLS extension and still got PROTOCOL_ERROR. > > > > > > > > > on which java version the server is running? > > > > > > > > > > > > > > See attached screenshot error_authenticate.jpg and connect_test.png > > > > > > > > > > Thanks. > > > > > > > > > > On Sun, Aug 9, 2015 at 6:06 PM, Kiran Ayyagari < > [email protected] > > > > > > > > wrote: > > > > > > > > > >> On Sun, Aug 9, 2015 at 4:48 PM, jeffty <[email protected]> > > > wrote: > > > > >> > > > > >> > Hi All, > > > > >> > > > > > >> > > > > > >> > > > > > >> > I’ve enabled TLSv1 in ApacheDS, after restart the service I got > a > > > > >> timeout > > > > >> > error and fail to login again. > > > > >> > > > > > >> > In Apache Directory Studio network Parameter, encryption method > is > > > > >> > Use > > > > >> SSL > > > > >> > encryption(ldaps://) and > > > > >> > > > > > >> two things: > > > > >> 1. ldaps:// only works when the "Enable LDAPS Server" option is > > > > >> checked in the config editor 2. you can still connect securely > > > > >> without enabling the above option by using "Use StartTLS > Extension" > > > > >> option for the "Encryption method" on "Network Parameter" tab > in > > > > >> Studio. > > > > >> > > > > >> > > > > >> > provider is Apache Directory LDAP Client API. > > > > >> > > > > > >> > And in Authentication the authentication method is Simple > > > > >> Authentication. > > > > >> > > > > > >> > > > > > >> > > > > > >> > Below is my environment: > > > > >> > > > > > >> > ApacheDS: apacheds-2.0.0-M20-x86_64 > > > > >> > > > > > >> > Directory Studio: > > > > >> > ApacheDirectoryStudio-2.0.0.v20150606-M9-win32.x86_64 > > > > >> > > > > > >> > OS: CentOS6.6 > > > > >> > > > > > >> > > > > > >> > > > > > >> > I haven’t found any clues in apache ds website and no related > > > > >> > articles found by google either. > > > > >> > > > > > >> > Is there any guidance for login ds with TLSv1 enabled ? Thanks a > > > lot. > > > > >> > > > > > >> > Jason > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> -- > > > > >> Kiran Ayyagari > > > > >> http://keydap.com > > > > >> > > > > > > > > > > > > > > > > > > > > > > -- > > > > Kiran Ayyagari > > > > http://keydap.com > > > > > > > > > > > > > > > > > -- > > > Kiran Ayyagari > > > http://keydap.com > > > > > > > > > -- > Kiran Ayyagari > http://keydap.com >
