directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Serge Pouliquen <sp31...@free.fr>
Subject Re: apache DS + thunderbird : issue with TLS, while clear is functional
Date Fri, 03 Nov 2017 22:50:07 GMT
Hi,

 > Can you packet capture from one end or the other and verify that the 
secure handshake is successful or failing when you have TLS enabled?

I'm not sure to well understand the request, but I will try to answer.
 > from one end or the other
run on localhost, so it should be the same
I indicated in point 6, that I captured nothing (no communication) : no 
TLS request, no success, no TLS failure.
Once a request has been send by address book window, I can capture TLS 
handshake success and the result of the search.
Later search from compose window, I can see TLS success and the result 
are proposed in completion list.

When thunderbird is not completing, wireshark on loopback capture no 
packet at all.

I find that a bit strange.


 > -Djavax.net.debug=all
tried and no log at the moment a request should be issued

software versions :
apache ds : 2.0.0-M24
thunderbird : 52.4.0 (packaged by debian for strech amd64)
java version : openjdk 1.8.0_151 (packaged by debian for strech amd64)

java -version
openjdk version "1.8.0_151"
OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-1~deb9u1-b12)
OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)

Should I test the oracle version ?

Thanks
Serge

On 03/11/17 23:24, Emmanuel Lécharny wrote:
>
> Le 03/11/2017 à 21:22, Lohr, Donald a écrit :
>> Can you packet capture from one end or the other and verify that the
>> secure handshake is successful or failing when you have TLS enabled?
> Anoher thing to do is to start ApacheDS with -Djavax.net.debug=all
> (beware  this is going to be verbose).
>
> If there is some issue during the handshake, you'lle get some
> information about what's going wrong.
>
> Also please provide the ApacheDS and TB version you are using, and the
> Java version for the server. You might have some cipher limitation that
> need to be dealt with (some ciphers might be forbiden. You might also
> have to install JCE.
>


Mime
View raw message