directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jeffty <wantwater...@gmail.com>
Subject Re: Enable TLSv1 in ApacheDS lead to Timeout Error
Date Sun, 09 Aug 2015 11:00:46 GMT
Most is illegal argument Exception: TLSV1 as below:

[09:16:20] WARN [org.apache.mina.util.DefaultExceptionMonitor] - Unexpected
exception.
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd():
sslFilter:SslFilter in (0x00000006: nio socket, server, /192.168.1.102:50073
=> /192.168.1.82:10636)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:189)
at
org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:436)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:532)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:505)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:67)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1113)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: TLSV1
at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
at
sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
... 10 more


On Sun, Aug 9, 2015 at 6:57 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:

> On Sun, Aug 9, 2015 at 6:47 PM, jeffty <wantwatering@gmail.com> wrote:
>
> > openjdk version "1.8.0_51"
> > OpenJDK Runtime Environment (build 1.8.0_51-b16)
> > OpenJDK 64-Bit Server VM (build 25.51-b03, mixed mode)
> >
> ok, this should work, are there any errors in the server log?
>
> >
> > -----Original Message-----
> > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > Sent: Sunday, August 09, 2015 6:46 PM
> > To: users@directory.apache.org
> > Subject: Re: Enable TLSv1 in ApacheDS lead to Timeout Error
> >
> > On Sun, Aug 9, 2015 at 6:44 PM, jeffty <wantwatering@gmail.com> wrote:
> >
> > > Thanks Kiran.
> > >
> > > Enable LDAPS Server option is checked and login is OK (when TLSv1 is
> > > not enabled and Encryption method is Use SSL encryption ldaps://).
> > >
> > > After enable TLSv1 protocol, I change the Encryption method to Use
> > > StartTLS extension and still got PROTOCOL_ERROR.
> > >
> > on which java version the server is running?
> >
> > >
> > > See attached screenshot error_authenticate.jpg and connect_test.png
> > >
> > > Thanks.
> > >
> > > On Sun, Aug 9, 2015 at 6:06 PM, Kiran Ayyagari <kayyagari@apache.org>
> > > wrote:
> > >
> > >> On Sun, Aug 9, 2015 at 4:48 PM, jeffty <wantwatering@gmail.com>
> wrote:
> > >>
> > >> > Hi All,
> > >> >
> > >> >
> > >> >
> > >> > I’ve enabled TLSv1 in ApacheDS, after restart the service I got
a
> > >> timeout
> > >> > error and fail to login again.
> > >> >
> > >> > In Apache Directory Studio network Parameter, encryption method is
> > >> > Use
> > >> SSL
> > >> > encryption(ldaps://) and
> > >> >
> > >> two things:
> > >> 1. ldaps:// only works when the "Enable LDAPS Server" option is
> > >> checked in the config editor 2. you can still connect securely
> > >> without enabling the above option by using "Use StartTLS Extension"
> > >>     option for the "Encryption method" on "Network Parameter" tab in
> > >> Studio.
> > >>
> > >>
> > >> > provider is Apache Directory LDAP Client API.
> > >> >
> > >> > And in Authentication the authentication method is Simple
> > >> Authentication.
> > >> >
> > >> >
> > >> >
> > >> > Below is my environment:
> > >> >
> > >> > ApacheDS: apacheds-2.0.0-M20-x86_64
> > >> >
> > >> > Directory Studio:
> > >> > ApacheDirectoryStudio-2.0.0.v20150606-M9-win32.x86_64
> > >> >
> > >> > OS: CentOS6.6
> > >> >
> > >> >
> > >> >
> > >> > I haven’t found any clues in apache ds website and no related
> > >> > articles found by google either.
> > >> >
> > >> > Is there any guidance for login ds with TLSv1 enabled ? Thanks a
> lot.
> > >> >
> > >> > Jason
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Kiran Ayyagari
> > >> http://keydap.com
> > >>
> > >
> > >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
> >
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message