directory-users mailing list archives

From jeffty <wantwater...@gmail.com>
Subject Re: Enable TLSv1 in ApacheDS lead to Timeout Error
Date Sun, 09 Aug 2015 12:36:35 GMT
Also tried V1.1 and V1.2,
V1.1 works but V1.2 got EXTENSION_OID 1.3.6.1.4.1.1466.20037 has failed to
process your request error.

JDK8 supports V1.2, right?




On Sun, Aug 9, 2015 at 8:12 PM, jeffty <wantwatering@gmail.com> wrote:

> Thanks Kiran, that works!
>
> On Sun, Aug 9, 2015 at 7:04 PM, Kiran Ayyagari <kayyagari@apache.org>
> wrote:
>
>> On Sun, Aug 9, 2015 at 7:00 PM, jeffty <wantwatering@gmail.com> wrote:
>>
>> > Most is illegal argument Exception: TLSV1 as below:
>> >
>> you should not use the LDAPS port (i.e, 10636 in this case) while using
>> StartTLS
>>
>> use the LDAP port and it will work.
>>
>>
>> > [09:16:20] WARN [org.apache.mina.util.DefaultExceptionMonitor] - Unexpected exception.
>> > org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000006: nio socket, server, /192.168.1.102:50073 => /192.168.1.82:10636)
>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:189)
>> > at org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:436)
>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:532)
>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:505)
>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:67)
>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1113)
>> > at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>> > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> > at java.lang.Thread.run(Thread.java:745)
>> > Caused by: java.lang.IllegalArgumentException: TLSV1
>> > at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
>> > at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
>> > at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
>> > at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
>> > at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
>> > at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
>> > ... 10 more
>> >
>> >
>> > On Sun, Aug 9, 2015 at 6:57 PM, Kiran Ayyagari <kayyagari@apache.org>
>> > wrote:
>> >
>> > > On Sun, Aug 9, 2015 at 6:47 PM, jeffty <wantwatering@gmail.com> wrote:
>> > >
>> > > > openjdk version "1.8.0_51"
>> > > > OpenJDK Runtime Environment (build 1.8.0_51-b16)
>> > > > OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)
>> > > >
>> > > ok, this should work, are there any errors in the server log?
>> > >
>> > > >
>> > > > -----Original Message-----
>> > > > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
>> > > > Sent: Sunday, August 09, 2015 6:46 PM
>> > > > To: users@directory.apache.org
>> > > > Subject: Re: Enable TLSv1 in ApacheDS lead to Timeout Error
>> > > >
>> > > > On Sun, Aug 9, 2015 at 6:44 PM, jeffty <wantwatering@gmail.com> wrote:
>> > > >
>> > > > > Thanks Kiran.
>> > > > >
>> > > > > Enable LDAPS Server option is checked and login is OK (when TLSv1 is
>> > > > > not enabled and Encryption method is Use SSL encryption ldaps://).
>> > > > >
>> > > > > After enable TLSv1 protocol, I change the Encryption method to Use
>> > > > > StartTLS extension and still got PROTOCOL_ERROR.
>> > > > >
>> > > > on which java version the server is running?
>> > > >
>> > > > >
>> > > > > See attached screenshot error_authenticate.jpg and connect_test.png
>> > > > >
>> > > > > Thanks.
>> > > > >
>> > > > > On Sun, Aug 9, 2015 at 6:06 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:
>> > > > >
>> > > > >> On Sun, Aug 9, 2015 at 4:48 PM, jeffty <wantwatering@gmail.com> wrote:
>> > > > >>
>> > > > >> > Hi All,
>> > > > >> >
>> > > > >> >
>> > > > >> >
>> > > > >> > I've enabled TLSv1 in ApacheDS, after restart the service I got a
>> > > > >> > timeout error and fail to login again.
>> > > > >> >
>> > > > >> > In Apache Directory Studio network Parameter, encryption method is
>> > > > >> > Use SSL encryption(ldaps://) and
>> > > > >> >
>> > > > >> two things:
>> > > > >> 1. ldaps:// only works when the "Enable LDAPS Server" option is
>> > > > >>    checked in the config editor
>> > > > >> 2. you can still connect securely without enabling the above option
>> > > > >>    by using "Use StartTLS Extension" option for the "Encryption method"
>> > > > >>    on "Network Parameter" tab in Studio.
>> > > > >>
>> > > > >>
>> > > > >> > provider is Apache Directory LDAP Client API.
>> > > > >> >
>> > > > >> > And in Authentication the authentication method is Simple
>> > > > >> > Authentication.
>> > > > >> >
>> > > > >> >
>> > > > >> >
>> > > > >> > Below is my environment:
>> > > > >> >
>> > > > >> > ApacheDS: apacheds-2.0.0-M20-x86_64
>> > > > >> >
>> > > > >> > Directory Studio:
>> > > > >> > ApacheDirectoryStudio-2.0.0.v20150606-M9-win32.x86_64
>> > > > >> >
>> > > > >> > OS: CentOS6.6
>> > > > >> >
>> > > > >> >
>> > > > >> >
>> > > > >> > I haven't found any clues in apache ds website and no related
>> > > > >> > articles found by google either.
>> > > > >> >
>> > > > >> > Is there any guidance for login ds with TLSv1 enabled? Thanks a lot.
>> > > > >> >
>> > > > >> > Jason
>> > > > >> >
>> > > > >>
>> > > > >>
>> > > > >>
>> > > > >> --
>> > > > >> Kiran Ayyagari
>> > > > >> http://keydap.com
>> > > > >>
>> > > > >
>> > > > >
>> > > >
>> > > >
>> > > > --
>> > > > Kiran Ayyagari
>> > > > http://keydap.com
>> > > >
>> > > >
>> > >
>> > >
>> > > --
>> > > Kiran Ayyagari
>> > > http://keydap.com
>> > >
>> >
>>
>>
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>>
>
>
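
The `IllegalArgumentException: TLSV1` in the quoted trace is thrown from `SSLEngineImpl.setEnabledProtocols`; JSSE protocol names are case-sensitive (`TLSv1`, `TLSv1.1`, `TLSv1.2`). As an added example, not part of the original thread and not ApacheDS or MINA code, this Java check validates configured protocol names against what the running JVM supports before they reach an `SSLEngine`. The class name, helper and sample list are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical helper class (not ApacheDS or MINA code).
public class TlsProtocolNameCheck {

    // Returns the supported name that matches ignoring case, or null if none does.
    static String closestName(String name, Set<String> supported) {
        for (String s : supported) {
            if (s.equalsIgnoreCase(name)) {
                return s;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        Set<String> supported = new TreeSet<>(Arrays.asList(engine.getSupportedProtocols()));
        System.out.println("JVM supports: " + supported);

        // Constructed sample: "TLSV1" is the spelling seen in the stack trace.
        String[] configured = args.length > 0 ? args : new String[] {"TLSV1", "TLSv1.1", "TLSv1.2"};

        List<String> usable = new ArrayList<>();
        for (String name : configured) {
            if (supported.contains(name)) {
                usable.add(name);
            } else {
                String hint = closestName(name, supported);
                System.out.println("REJECTED " + name
                        + (hint != null ? " (did you mean " + hint + "?)" : " (unknown to this JVM)"));
            }
        }
        if (usable.isEmpty()) {
            throw new IllegalStateException("no usable TLS protocol configured");
        }
        // An unrecognised name passed here is what raises IllegalArgumentException.
        engine.setEnabledProtocols(usable.toArray(new String[0]));
        System.out.println("Enabled: " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Run it with the JVM that hosts the server, passing the configured protocol names as arguments, so the supported set reflects that runtime.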
