Subject: Re: Problem using TLS or SSL to establish a secure binding
From: Kiran Ayyagari
To: api@directory.apache.org
Date: Tue, 24 Mar 2015 20:27:04 +0800

On Tue, Mar 24, 2015 at 6:21 PM, Karim Hosny wrote:
> Hi,
>
> I have a problem trying to create a TLS negotiation or an SSL binding with
> my Active Directory server running on Windows 2008. Although it works fine
> with the JNDI API, the Apache Directory API is more feasible for my case since
> it will include Kerberos authentication.
>
> I use the certificate for the account I log in with as a PKCS12
> certificate, and I have the CA from the server added to the cacerts file,
> but I get a "failed to initialize SSL context" exception; the exception is at
> the end of the email.
>
> My code:
>
> import java.io.FileInputStream;
> import java.security.KeyStore;
> import javax.net.ssl.TrustManagerFactory;
> import org.apache.directory.ldap.client.api.LdapConnectionConfig;
> import org.apache.directory.ldap.client.api.LdapNetworkConnection;
>
> LdapConnectionConfig config = new LdapConnectionConfig();
> config.setLdapHost(SERVER);
> config.setLdapPort(389); // plain LDAP port; StartTLS upgrades the connection in place
> // trust store that holds the CA certificate exported from the AD server
> KeyStore keystore = KeyStore.getInstance("JKS");
> keystore.load(new FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"),
>         "P@ssw0rd".toCharArray());
> TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> tmf.init(keystore);
> config.setTrustManagers(tmf.getTrustManagers());
> config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com");
> config.setCredentials("P@ssw0rd");
> LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(config);
> ldapNetworkConnection.startTls(); // the exception is thrown here
> ldapNetworkConnection.bind();
>
> Exception:
> Exception in thread "Main Thread" org.apache.directory.api.ldap.model.exception.LdapException: Failed to initialize the SSL context
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788)
>     at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102)
>     at LDAPConTest.main(LDAPConTest.java:57)
> Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, /10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832)
>     ... 3 more
> Caused by: java.lang.IllegalArgumentException: TLSv1.1

You must be using Java version <= 1.6; TLSv1.1 is available from version 1.7 and higher, so use Java version >= 1.7.

>     at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
>     at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736)
>     at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
>     at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
>     ... 5 more
>
> Any ideas where the issue may come from?
>
> Thanks,
>
> Karim

-- 
Kiran Ayyagari
http://keydap.com
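An added example, not code from this thread or from the Apache Directory project: a stand-alone Java class that asks the JVM's default SSLContext which TLS protocol versions it can negotiate and reports the ones the LDAP client will want but the runtime lacks. Run before startTls(), it turns the Java 6 situation diagnosed above (the jrockit_160_05 path in the question points at such a runtime) into a readable "upgrade the JRE" message instead of an IllegalArgumentException thrown inside the MINA SSL filter. The class name TlsSupportCheck and the WANTED list are my own choices; the comment naming LdapConnectionConfig.setEnabledProtocols assumes that method exists in the API version in use.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

/**
 * Added example (not from the thread): report which TLS protocol versions the
 * running JVM can negotiate before an LDAP StartTLS attempt, so that an old
 * runtime fails with a readable message instead of an IllegalArgumentException
 * deep inside the SSL filter.
 */
public class TlsSupportCheck {

    /** Versions an LDAP client typically asks the SSLEngine to enable, newest first. */
    public static final String[] WANTED = { "TLSv1.2", "TLSv1.1", "TLSv1" };

    /** Protocol names the default SSLContext of this JVM supports. */
    static List<String> supportedProtocols() throws Exception {
        String[] names = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        return Arrays.asList(names);
    }

    /** Members of {@code wanted} that this JVM cannot negotiate. */
    public static List<String> missingProtocols(String[] wanted) throws Exception {
        List<String> supported = supportedProtocols();
        List<String> missing = new ArrayList<String>();
        for (String p : wanted) {
            if (!supported.contains(p)) {
                missing.add(p);
            }
        }
        return missing;
    }

    /** Members of {@code wanted} that this JVM can negotiate, in the given order. */
    public static String[] usableProtocols(String[] wanted) throws Exception {
        List<String> supported = supportedProtocols();
        List<String> usable = new ArrayList<String>();
        for (String p : wanted) {
            if (supported.contains(p)) {
                usable.add(p);
            }
        }
        return usable.toArray(new String[usable.size()]);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("supported    = " + supportedProtocols());

        List<String> missing = missingProtocols(WANTED);
        if (!missing.isEmpty()) {
            // A Java 6 runtime lands here with [TLSv1.2, TLSv1.1]. The fix is a newer
            // JRE, not trimming the client down to TLSv1 against a production directory.
            System.err.println("This JVM cannot negotiate " + missing
                    + "; upgrade to Java 7 or later before calling startTls().");
            System.exit(1);
        }

        // What survives is the list you could hand to
        // LdapConnectionConfig.setEnabledProtocols(...) (assumed API name) should the
        // client's default protocol list ever need narrowing on a supported runtime.
        System.out.println("usable       = " + Arrays.toString(usableProtocols(WANTED)));
    }
}
```

Compile and run it with the same JRE that runs the LDAP client (for the question above, the JRockit under C:\bea), since the answer depends entirely on that runtime's JSSE provider, not on the Directory API or MINA versions.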