directory-users mailing list archives

From Shawn McKinney <smckin...@apache.org>
Subject Re: [ApacheDS] Cannot establish TLS connection between spring-ldap client and apacheds
Date Wed, 26 Jul 2017 13:58:02 GMT

> On Jul 26, 2017, at 3:19 AM, John Lee <jhn134910@gmail.com> wrote:
> 
> I'm having a problem establishing a LDAPS connection between spring-ldap
> client and apacheDS. Details are provided on stackoverflow, as this is the
> official forum for spring-ldap and I assume the problem is client-side:
> 
> https://stackoverflow.com/questions/45232244/cannot-establish-tls-connection-between-spring-ldap-client-and-apacheds

Nice writeup on overflow.  This error jumped out at me:
Thread-8, handling exception: javax.net.ssl.SSLException: Unsupported record version Unknown-38.2
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
Thread-8, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message

for which I googled:
"javax.net.ssl.SSLException: Unsupported record version Unknown-38.2
%% Invalidated"

and found some hits.  Have you chased those down?

The other thing you can try is connecting with the Apache LDAP API instead of spring ldap.
I am not suggesting that spring ldap’s apis are broken on TLS.  I’m saying that apacheds
+ its own ldap api are a combination that has been tested by us here and we’re going to
have better support for you.

There’s some doc about the api and crypto stuff here:
http://directory.apache.org/api/user-guide/5.1-ldaps.html

Oh and welcome to the list.  Good luck.

Shawn
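
How to read the "Unknown-38.2" in the error quoted above, as an added example that is not part of the original message or of ApacheDS: JSSE prints the two version bytes of the record header it read, so 38.2 means bytes 0x26 0x02 arrived where 0x03 0x0N was expected. The function names, the sample headers and the BER/LDAP reading are assumptions made for illustration.

```python
import re

# TLS record header (RFC 5246, 6.2.1): type(1) major(1) minor(1) length(2)
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLSCiphertext fragment


def version_from_jsse_error(message):
    """Return (major, minor) from JSSE's 'Unknown-M.m' text, else None."""
    m = re.search(r"Unsupported record version Unknown-(\d+)\.(\d+)", message)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify_header(header):
    """Classify the first five bytes read where a TLS record was expected."""
    if len(header) < 5:
        return "short read"
    ctype, major, minor = header[0], header[1], header[2]
    length = int.from_bytes(header[3:5], "big")
    if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and length <= MAX_RECORD_LEN):
        return "tls record: %s, version 3.%d, %d bytes" % (
            TLS_CONTENT_TYPES[ctype], minor, length)
    # Assumption for illustration: cleartext on an LDAP port would be a BER
    # LDAPMessage: SEQUENCE (0x30), short-form length, INTEGER (0x02) messageID.
    if ctype == 0x30 and major < 0x80 and minor == 0x02:
        return "not tls: looks like a BER LDAPMessage with a %d-byte body" % major
    return "not tls: version bytes %d.%d" % (major, minor)


# Error text as quoted in the message above.
ERROR = "javax.net.ssl.SSLException: Unsupported record version Unknown-38.2"

# Constructed sample headers (not captured from the poster's system).
SAMPLES = {
    "tls_app_data": bytes([23, 3, 3, 0x00, 0x40]),
    "ber_ldap": bytes([0x30, 0x26, 0x02, 0x01, 0x02]),
    "other": bytes([0x47, 0x45, 0x54, 0x20, 0x2F]),
}

if __name__ == "__main__":
    print(version_from_jsse_error(ERROR))
    for name, hdr in SAMPLES.items():
        print(name, "->", classify_header(hdr))
```

Running the classifier over the first bytes of each inbound record in a packet capture shows whether one side stopped speaking TLS partway through the session.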