directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Riddering (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
Date Wed, 05 Oct 2016 12:02:20 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15548503#comment-15548503
] 

Andreas Riddering commented on DIRSERVER-2043:
----------------------------------------------

I could give it a try later on, if its possible to test this on the test-environment. But
as there are serveral hundrets of people using the prouctive env and as its configured with
HA stuff and so on, it won't be possible to change this within a short matter of time.

I am just wondering, why ADS is working fine with an older Java-Version, but refuses to connect
to the same server when working with a newer version. There must be something, thats taking
into account?!?

As i did some testing, your supposal with TLSv1.1 could solve our problem. I tried to connect
to the (older) server with tls1_1 via openssl, and it didnt work. Using a newer server, which
supports TLS1.1 and 1.2 can be connected to via ADS and newer JavaVersion.

So, is it possible to start ADS (with newer Java Version) with TLS1(.0) Support enabled?
For the short term it only needs to use the older java version or has tls1(.0) support enabled.
Couldn't find out how this is possible...

> SSL connection failures errors are useless
> ------------------------------------------
>
>                 Key: DIRSERVER-2043
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M19
>            Reporter: Roy Wellington
>            Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
>  - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake
failed.
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> 	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> 	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> 	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to know what
exactly failed, something like what Firefox/Chrome do on SSL failures. I'm trying to debug
this right now, and I have absolutely no idea what's going on here.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message