directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Enable TLSv1 in ApacheDS lead to Timeout Error
Date Sun, 09 Aug 2015 11:04:38 GMT
On Sun, Aug 9, 2015 at 7:00 PM, jeffty <wantwatering@gmail.com> wrote:

> Most is illegal argument Exception: TLSV1 as below:
>
you should not use the LDAPS port (i.e, 10636 in this case) while using
StartTLS

use the LDAP port and it will work.


> [09:16:20] WARN [org.apache.mina.util.DefaultExceptionMonitor] - Unexpected
> exception.
> org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd():
> sslFilter:SslFilter in (0x00000006: nio socket, server, /
> 192.168.1.102:50073
> => /192.168.1.82:10636)
> at
>
> org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
> at
>
> org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:189)
> at
>
> org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:436)
> at
>
> org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:532)
> at
>
> org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:505)
> at
>
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:67)
> at
>
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1113)
> at
>
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: TLSV1
> at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
> at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
> at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
> at
> sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
> at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
> at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
> at
>
> org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
> ... 10 more
>
>
> On Sun, Aug 9, 2015 at 6:57 PM, Kiran Ayyagari <kayyagari@apache.org>
> wrote:
>
> > On Sun, Aug 9, 2015 at 6:47 PM, jeffty <wantwatering@gmail.com> wrote:
> >
> > > openjdk version "1.8.0_51"
> > > OpenJDK Runtime Environment (build 1.8.0_51-b16)
> > > OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)
> > >
> > ok, this should work, are there any errors in the server log?
> >
> > >
> > > -----Original Message-----
> > > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > > Sent: Sunday, August 09, 2015 6:46 PM
> > > To: users@directory.apache.org
> > > Subject: Re: Enable TLSv1 in ApacheDS lead to Timeout Error
> > >
> > > On Sun, Aug 9, 2015 at 6:44 PM, jeffty <wantwatering@gmail.com> wrote:
> > >
> > > > Thanks Kiran.
> > > >
> > > > Enable LDAPS Server option is checked and login is OK (when TLSv1 is
> > > > not enabled and Encryption method is Use SSL encryption ldaps://).
> > > >
> > > > After enable TLSv1 protocol, I change the Encryption method to Use
> > > > StartTLS extension and still got PROTOCOL_ERROR.
> > > >
> > > on which java version the server is running?
> > >
> > > >
> > > > See attached screenshot error_authenticate.jpg and connect_test.png
> > > >
> > > > Thanks.
> > > >
> > > > On Sun, Aug 9, 2015 at 6:06 PM, Kiran Ayyagari <kayyagari@apache.org
> >
> > > > wrote:
> > > >
> > > >> On Sun, Aug 9, 2015 at 4:48 PM, jeffty <wantwatering@gmail.com>
> > wrote:
> > > >>
> > > >> > Hi All,
> > > >> >
> > > >> >
> > > >> >
> > > >> > I’ve enabled TLSv1 in ApacheDS, after restart the service I
got a
> > > >> timeout
> > > >> > error and fail to login again.
> > > >> >
> > > >> > In Apache Directory Studio network Parameter, encryption method
is
> > > >> > Use
> > > >> SSL
> > > >> > encryption(ldaps://) and
> > > >> >
> > > >> two things:
> > > >> 1. ldaps:// only works when the "Enable LDAPS Server" option is
> > > >> checked in the config editor 2. you can still connect securely
> > > >> without enabling the above option by using "Use StartTLS Extension"
> > > >>     option for the "Encryption method" on "Network Parameter" tab
in
> > > >> Studio.
> > > >>
> > > >>
> > > >> > provider is Apache Directory LDAP Client API.
> > > >> >
> > > >> > And in Authentication the authentication method is Simple
> > > >> Authentication.
> > > >> >
> > > >> >
> > > >> >
> > > >> > Below is my environment:
> > > >> >
> > > >> > ApacheDS: apacheds-2.0.0-M20-x86_64
> > > >> >
> > > >> > Directory Studio:
> > > >> > ApacheDirectoryStudio-2.0.0.v20150606-M9-win32.x86_64
> > > >> >
> > > >> > OS: CentOS6.6
> > > >> >
> > > >> >
> > > >> >
> > > >> > I haven’t found any clues in apache ds website and no related
> > > >> > articles found by google either.
> > > >> >
> > > >> > Is there any guidance for login ds with TLSv1 enabled ? Thanks
a
> > lot.
> > > >> >
> > > >> > Jason
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Kiran Ayyagari
> > > >> http://keydap.com
> > > >>
> > > >
> > > >
> > >
> > >
> > > --
> > > Kiran Ayyagari
> > > http://keydap.com
> > >
> > >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message