directory-users mailing list archives

From Emmanuel Lécharny
Subject Re: [ApacheDS] Cannot establish TLS connection between spring-ldap client and apacheds
Date Wed, 26 Jul 2017 19:19:05 GMT

On 26/07/2017 at 18:57, John Lee wrote:
> Thanks for your support guys.
> I was able to connect via LDAPS connection with Studio which presumably
> uses the Apache LDAP API?

> Under : DN:
> ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
> I have setting :
> ads-enabledprotocols:TLSv1.2

Which is ok.
> I only just added this on Emmanuel's guidance, but I get the same problem.
> The Java LDAPS client is using oracle JDK8 which defaults to using the
> TLSv1.2 protocol.
> Yeah, I followed through some of the Google links. I noticed some references
> to similar problems happening more frequently with certain ciphers
> (although in my case the connection always fails rather than fails randomly).
> I see a question raised in March in archives
> ("Problem with limiting ciphers for ldaps") about the possibility of
> restricting the ciphers used, as I was going to try and use a different
> cipher, maybe older less secure one just for test purposes to see if I get
> the same problem. However, I don't think this cipher restriction is
> supported in ApacheDS configuration?
> That archived question also asks how the cipher list is arrived at and if
> specified providers are consulted to figure out the ciphers
> that are supported by the installed java version. For example, in my case
> Apache DS is running on openJdk 7 but my client is running on Oracle JDK 8.
> I'll try upgrading to use Oracle JDK 8 on the host for apache DS and see if
> it makes a difference.

Yes, try to run ApacheDS with Java 7.

I was a bit quick in my previous answer, btw. Clearly, the ClientHello
and ServerHello exchanges have been done properly, with

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 being selected, and TLSv1.2
being used. Be sure that the server uses Java with the Unlimited Strength Jurisdiction Policy

Emmanuel Lecharny
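
Added example, not part of the original message and not ApacheDS code: a small check to run with the same JVM binary that starts ApacheDS (and again with the client's JVM) to see whether the Unlimited Strength Jurisdiction Policy is in effect and whether the suite named above is offered. The class name TlsPolicyCheck is hypothetical; it uses only standard JDK APIs.

```java
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.List;

public class TlsPolicyCheck {
    // Cipher suite reported as selected in the handshake discussed above.
    static final String SUITE = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";

    public static void main(String[] args) throws Exception {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // With the default (limited) policy files this returns 128;
        // with the unlimited policy it returns Integer.MAX_VALUE.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length = " + maxAes);
        System.out.println("AES-256 permitted  = " + (maxAes >= 256));

        // Build a TLSv1.2 context with the JVM's default key and trust
        // managers, then inspect what JSSE is willing to negotiate.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        report("supported", ctx.getSupportedSSLParameters());
        report("enabled by default", ctx.getDefaultSSLParameters());
    }

    // Print the protocol list and whether SUITE is among the cipher suites.
    static void report(String label, SSLParameters params) {
        List<String> protocols = Arrays.asList(params.getProtocols());
        List<String> suites = Arrays.asList(params.getCipherSuites());
        System.out.println("[" + label + "] protocols = " + protocols);
        System.out.println("[" + label + "] " + SUITE + " present = "
                + suites.contains(SUITE));
        // List every AES_256 suite so the two JVMs can be compared line by line.
        for (String s : suites) {
            if (s.contains("AES_256")) {
                System.out.println("[" + label + "]   " + s);
            }
        }
    }
}
```

Comparing the output from the server JVM and the client JVM shows whether both sides permit AES-256 and list the same suite.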
