directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Riddering (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
Date Tue, 18 Oct 2016 09:13:58 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15584959#comment-15584959
] 

Andreas Riddering commented on DIRSERVER-2043:
----------------------------------------------

As i edited in my last answer, i messed up with the title of this ticket and my request is
about die ADStudio not the server. Sorry for the confusion. So as its not ApacheDirServer,
but IBM SDS its written in C and the JVM Parameter cant be applied.
Nevertheless i did some testing. Installing Java8 leads to some strange behaviour, so connection
to one of the two servers in charge is possible, but not to the other. Versions differ only
a little bit. (Remember, with Java7 > .85 a connection to non of the two was possible...)

At this point i took openssl and did some tests and while connecting to the server with the
problems openssl throws up some strange SSL3 "bad record mac" errors... Interestingly i don't
get those errors, if i put -ssl3 or -tls1 as a parameter to openssl.

ldapsearch on cygwin on my local machine also can't connect to the server in question, same
"bad record mac"-error, but ldapsearch on another linux-server is able to connect to both
servers...

So my conclusion is, that this unpatched server has some problems with the "autonegotation"
of the ssl/tls protocol or something like that. So no todo left here, but thank you for your
input!

> SSL connection failures errors are useless
> ------------------------------------------
>
>                 Key: DIRSERVER-2043
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M19
>            Reporter: Roy Wellington
>            Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
>  - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake
failed.
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> 	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> 	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> 	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to know what
exactly failed, something like what Firefox/Chrome do on SSL failures. I'm trying to debug
this right now, and I have absolutely no idea what's going on here.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message