Return-Path: <dev-return-54635-archive-asf-public=cust-asf.ponee.io@directory.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id D08B7200BA3
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  5 Oct 2016 14:02:22 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id CF515160ADE; Wed,  5 Oct 2016 12:02:22 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 1D3D8160AEF
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  5 Oct 2016 14:02:21 +0200 (CEST)
Received: (qmail 88291 invoked by uid 500); 5 Oct 2016 12:02:21 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 88114 invoked by uid 99); 5 Oct 2016 12:02:20 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Oct 2016 12:02:20 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id B0DBF2C0032
	for <dev@directory.apache.org>; Wed,  5 Oct 2016 12:02:20 +0000 (UTC)
Date: Wed, 5 Oct 2016 12:02:20 +0000 (UTC)
From: "Andreas Riddering (JIRA)" <jira@apache.org>
To: dev@directory.apache.org
Message-ID: <JIRA.12765504.1420675654000.741702.1475668940721@Atlassian.JIRA>
In-Reply-To: <JIRA.12765504.1420675654000@Atlassian.JIRA>
References: <JIRA.12765504.1420675654000@Atlassian.JIRA> <JIRA.12765504.1420675654008@arcas>
Subject: [jira] [Commented] (DIRSERVER-2043) SSL connection failures errors
 are useless
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Wed, 05 Oct 2016 12:02:23 -0000


    [ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15548503#comment-15548503 ] 

Andreas Riddering commented on DIRSERVER-2043:
----------------------------------------------

I could give it a try later on, if its possible to test this on the test-environment. But as there are serveral hundrets of people using the prouctive env and as its configured with HA stuff and so on, it won't be possible to change this within a short matter of time.

I am just wondering, why ADS is working fine with an older Java-Version, but refuses to connect to the same server when working with a newer version. There must be something, thats taking into account?!?

As i did some testing, your supposal with TLSv1.1 could solve our problem. I tried to connect to the (older) server with tls1_1 via openssl, and it didnt work. Using a newer server, which supports TLS1.1 and 1.2 can be connected to via ADS and newer JavaVersion.

So, is it possible to start ADS (with newer Java Version) with TLS1(.0) Support enabled?
For the short term it only needs to use the older java version or has tls1(.0) support enabled. Couldn't find out how this is possible...

> SSL connection failures errors are useless
> ------------------------------------------
>
>                 Key: DIRSERVER-2043
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M19
>            Reporter: Roy Wellington
>            Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
>  - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> 	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> 	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> 	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to know what exactly failed, something like what Firefox/Chrome do on SSL failures. I'm trying to debug this right now, and I have absolutely no idea what's going on here.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)