From users-return-3514-apmail-directory-users-archive=directory.apache.org@directory.apache.org Wed Sep 15 10:13:45 2010 Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 32249 invoked from network); 15 Sep 2010 10:13:45 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 15 Sep 2010 10:13:45 -0000 Received: (qmail 38412 invoked by uid 500); 15 Sep 2010 10:13:45 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 38187 invoked by uid 500); 15 Sep 2010 10:13:42 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 38021 invoked by uid 99); 15 Sep 2010 10:13:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Sep 2010 10:13:41 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=FREEMAIL_FROM,SPF_NEUTRAL,T_TO_NO_BRKTS_FREEMAIL,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: 150.101.164.76 is neither permitted nor denied by domain of mctozzy@gmail.com) Received: from [150.101.164.76] (HELO ingennia.com.au) (150.101.164.76) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Sep 2010 10:13:35 +0000 Received: from [192.168.1.65] (HELO [192.168.1.65]) by ingennia.com.au (CommuniGate Pro SMTP 4.1.5) with ESMTP-TLS id 1456066 for users@directory.apache.org; Wed, 15 Sep 2010 20:13:14 +1000 Message-ID: <4C909CBD.9090003@gmail.com> Date: Wed, 15 Sep 2010 20:15:25 +1000 From: mctozzy@gmail.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.9) Gecko/20100825 Lightning/1.0b2 Thunderbird/3.1.3 MIME-Version: 1.0 To: users@directory.apache.org Subject: Re: [ApacheDS] SSL Problems with Thunderbird References: <4C904671.6070308@gmail.com> In-Reply-To: <4C904671.6070308@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I finally found the answer by looking at what was going on at wireshark level and comparing with working connections. Thunderbird 3 by default uses TLS1.0 with SSL3. I don't think ApacheDS copes too well with this combination. (Other clients are using SSLv2 not SSLv3). I found out how to disable the use of TLS in Thunderbird and all came good. The setting is in the config prefs: security.enable_tls This seems like a bug in ApacheDS, but I could not see any Jira issue for it. MT On 15/09/10 2:07 PM, mctozzy@gmail.com wrote: > Trying to get Thunderbird talking SSL to ApacheDS 1.5.7 but having > difficulties. Non-SSL working fine. Other clients (such as iPhone and > Apache Studio DS) also work fine with and without SSL against the same > server. So I have ruled out basic connectivity issues etc. > > In Thunderbird, it seems to go awry when it's reading the > certificate. If I try installing an exception for that server, and > plug in the URL https://my.server.com:636 (or ldaps instead of > https), it comes back with "No Information Available". And "Unable to > obtain identification status for the given site". > > I have tried installing a self-signed certificate with slightly > different parameters but this makes no difference. Also tried TB on > another machine, just in case my TB install was hosed in some way, but > same result. > > Have tried this in Thunderbird 3.0.6, 3.0.7 and 3.1.2. Thunderbird > SSL also working fine with other servers for IMAPS, SMTPS etc, just > not LDAPS on ApacheDS. > > Does anyone else have this combination working? > > Cheers, MT