directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
Date Thu, 05 May 2016 09:17:12 GMT


Emmanuel Lecharny commented on DIRSERVER-2043:

It's possible that Studio has a bug, and inject the wrong protocolVersion in the server's
configuration. I will investigate that asap.

Now, as a workaround, you should be able to change this configuration by modifying the file
that contains the {{ads-enabledProtocol}} strings on the server. It's {{ldapServer.ldif}},
you should typically see :

dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: true
ads-transportaddress: localhost
ads-transportid: ldaps
ads-needClientAuth: false
ads-wantClientAuth: true
ads-enabledCiphers: ...
ads-enabledProtocols: TLSV1
ads-enabledProtocols: TLSV1.1
ads-enabledProtocols: TLSV1.2
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: top
ads-enabled: true

Otherwise, I strongly suggest you only keep TLSv1.2...

> SSL connection failures errors are useless
> ------------------------------------------
>                 Key: DIRSERVER-2043
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M19
>            Reporter: Roy Wellington
>            Priority: Minor
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
>  - SSL handshake failed.
> SSL handshake
> 	at
> 	at
> 	at
> 	at$
> 	at
> 	at
> 	at
> 	at
> 	at
> 	at
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to know what
exactly failed, something like what Firefox/Chrome do on SSL failures. I'm trying to debug
this right now, and I have absolutely no idea what's going on here.

This message was sent by Atlassian JIRA

View raw message