Also tried V1.1 and V1.2, V1.1 works but V1.2 got EXTENSION_OID 1.3.6.1.4.1.1466.20037 has failed to process your request error.
JDK8 supports V1.2, right?

On Sun, Aug 9, 2015 at 8:12 PM, jeffty <[email protected]> wrote:

> Thanks Kiran, that works!
>
> On Sun, Aug 9, 2015 at 7:04 PM, Kiran Ayyagari <[email protected]>
> wrote:
>
>> On Sun, Aug 9, 2015 at 7:00 PM, jeffty <[email protected]> wrote:
>>
>> > Most is illegal argument Exception: TLSV1 as below:
>> >
>> you should not use the LDAPS port (i.e, 10636 in this case) while using
>> StartTLS
>>
>> use the LDAP port and it will work.
>>
>>
>> > [09:16:20] WARN [org.apache.mina.util.DefaultExceptionMonitor] - Unexpected exception.
>> > org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000006: nio socket, server, /192.168.1.102:50073 => /192.168.1.82:10636)
>> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
>> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:189)
>> >     at org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:436)
>> >     at org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:532)
>> >     at org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:505)
>> >     at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:67)
>> >     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1113)
>> >     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> >     at java.lang.Thread.run(Thread.java:745)
>> > Caused by: java.lang.IllegalArgumentException: TLSV1
>> >     at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
>> >     at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
>> >     at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
>> >     at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
>> >     at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
>> >     at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
>> >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
>> >     ... 10 more
>> >
>> >
>> > On Sun, Aug 9, 2015 at 6:57 PM, Kiran Ayyagari <[email protected]>
>> > wrote:
>> >
>> > > On Sun, Aug 9, 2015 at 6:47 PM, jeffty <[email protected]> wrote:
>> > >
>> > > > openjdk version "1.8.0_51"
>> > > > OpenJDK Runtime Environment (build 1.8.0_51-b16)
>> > > > OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)
>> > > >
>> > > ok, this should work, are there any errors in the server log?
>> > >
>> > > >
>> > > > -----Original Message-----
>> > > > From: Kiran Ayyagari [mailto:[email protected]]
>> > > > Sent: Sunday, August 09, 2015 6:46 PM
>> > > > To: [email protected]
>> > > > Subject: Re: Enable TLSv1 in ApacheDS lead to Timeout Error
>> > > >
>> > > > On Sun, Aug 9, 2015 at 6:44 PM, jeffty <[email protected]> wrote:
>> > > >
>> > > > > Thanks Kiran.
>> > > > >
>> > > > > Enable LDAPS Server option is checked and login is OK (when TLSv1 is
>> > > > > not enabled and Encryption method is Use SSL encryption ldaps://).
>> > > > >
>> > > > > After enable TLSv1 protocol, I change the Encryption method to Use
>> > > > > StartTLS extension and still got PROTOCOL_ERROR.
>> > > > >
>> > > > on which java version the server is running?
>> > > >
>> > > > >
>> > > > > See attached screenshot error_authenticate.jpg and connect_test.png
>> > > > >
>> > > > > Thanks.
>> > > > >
>> > > > > On Sun, Aug 9, 2015 at 6:06 PM, Kiran Ayyagari <[email protected]>
>> > > > > wrote:
>> > > > >
>> > > > >> On Sun, Aug 9, 2015 at 4:48 PM, jeffty <[email protected]> wrote:
>> > > > >>
>> > > > >> > Hi All,
>> > > > >> >
>> > > > >> > I’ve enabled TLSv1 in ApacheDS, after restart the service I got a
>> > > > >> > timeout error and fail to login again.
>> > > > >> >
>> > > > >> > In Apache Directory Studio network Parameter, encryption method is
>> > > > >> > Use SSL encryption(ldaps://) and
>> > > > >> >
>> > > > >> two things:
>> > > > >> 1. ldaps:// only works when the "Enable LDAPS Server" option is
>> > > > >>    checked in the config editor
>> > > > >> 2. you can still connect securely without enabling the above option
>> > > > >>    by using "Use StartTLS Extension" option for the "Encryption
>> > > > >>    method" on "Network Parameter" tab in Studio.
>> > > > >>
>> > > > >>
>> > > > >> > provider is Apache Directory LDAP Client API.
>> > > > >> >
>> > > > >> > And in Authentication the authentication method is Simple
>> > > > >> > Authentication.
>> > > > >> >
>> > > > >> > Below is my environment:
>> > > > >> >
>> > > > >> > ApacheDS: apacheds-2.0.0-M20-x86_64
>> > > > >> >
>> > > > >> > Directory Studio:
>> > > > >> > ApacheDirectoryStudio-2.0.0.v20150606-M9-win32.x86_64
>> > > > >> >
>> > > > >> > OS: CentOS6.6
>> > > > >> >
>> > > > >> > I haven’t found any clues in apache ds website and no related
>> > > > >> > articles found by google either.
>> > > > >> >
>> > > > >> > Is there any guidance for login ds with TLSv1 enabled ? Thanks a lot.
>> > > > >> >
>> > > > >> > Jason
>> > > > >> >
>> > > > >>
>> > > > >> --
>> > > > >> Kiran Ayyagari
>> > > > >> http://keydap.com
>> > > > >>
>> > > >
>> > > > --
>> > > > Kiran Ayyagari
>> > > > http://keydap.com
>> > > >
>> > >
>> > > --
>> > > Kiran Ayyagari
>> > > http://keydap.com
>> > >
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
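
Added example (not part of the thread and not ApacheDS code): the `IllegalArgumentException: TLSV1` in the quoted trace is thrown from `SSLEngine.setEnabledProtocols`, which only accepts the exact, case-sensitive JSSE protocol names such as `TLSv1`, `TLSv1.1` and `TLSv1.2`. The sketch below checks a configured list against what the running JVM supports before applying it; the class name, the helper `unsupported` and the sample list are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class ProtocolNameCheck {

    /** Returns the configured names this JVM's JSSE provider does not list (exact, case-sensitive match). */
    static List<String> unsupported(SSLEngine engine, List<String> configured) {
        Set<String> supported = new LinkedHashSet<>(Arrays.asList(engine.getSupportedProtocols()));
        List<String> bad = new ArrayList<>();
        for (String name : configured) {
            if (!supported.contains(name)) {
                bad.add(name);
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println("Supported by this JVM: " + Arrays.toString(engine.getSupportedProtocols()));

        // Constructed sample configuration: the spelling from the trace plus two standard names.
        List<String> configured = Arrays.asList("TLSV1", "TLSv1.1", "TLSv1.2");
        List<String> bad = unsupported(engine, configured);
        System.out.println("Not recognised: " + bad);

        // Handing an unrecognised name straight to the engine raises the exception type seen in the trace.
        try {
            engine.setEnabledProtocols(new String[] {"TLSV1"});
        } catch (IllegalArgumentException e) {
            System.out.println("setEnabledProtocols rejected it: " + e.getMessage());
        }

        // Apply only the names that passed the check.
        List<String> good = new ArrayList<>(configured);
        good.removeAll(bad);
        engine.setEnabledProtocols(good.toArray(new String[0]));
        System.out.println("Enabled: " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Running the check at startup and logging the rejected names gives a clear configuration error instead of a per-connection exception in the filter chain.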
