On 02/08/2018 11:04 AM, Alan Griffiths wrote:
Hi,

Trying to configure Engine to authenticate against OpenLDAP and I seem
to be hitting a protocol bug.

Attempts to test the login during the setup fail with

2018-02-07 12:27:37,872Z WARNING Exception: The connection reader was
unable to successfully complete TLS negotiation:
SSLException(message='Received fatal alert: protocol_version',
trace='getSSLException(Alerts.java:208) /
getSSLException(Alerts.java:154) / recvAlert(SSLSocketImpl.java:2033)
/ readRecord(SSLSocketImpl.java:1135) /
performInitialHandshake(SSLSocketImpl.java:1385) /
startHandshake(SSLSocketImpl.java:1413) /
startHandshake(SSLSocketImpl.java:1397) /
run(LDAPConnectionReader.java:301)', revision=0)

Running a packet trace I see that it's trying to negotiate with TLS
1.0, but my LDAP server only support TLS 1.2.

I've sent a fix:

 https://gerrit.ovirt.org/87327

To workaround it just please add to you profile properties file:

 pool.default.ssl.startTLSProtocol = TLSv1.2


This looks like a regression as it works fine in 4.0.

I see the issue in both 4.1 and 4.2

4.1.9.1
4.2.0.2

Should I submit a bug?

Thanks,

Alan
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Reply via email to