directory-dev mailing list archives

From "Stefan Seelmann (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSTUDIO-1205) Which platforms does Studio work with TLS?
Date Fri, 30 Nov 2018 20:06:00 GMT

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16705225#comment-16705225 ]

Stefan Seelmann commented on DIRSTUDIO-1205:
--------------------------------------------

From the log
{code}
[
  Version: V1
  Subject: CN=ubuntu, OU=Directory, O=ASF, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 512 bits
  modulus: 9974325369116523072626932324206695296344804212754553268376719093424890448114922435166048821089411016389424033976359843992022606485741105180305620276297973
  public exponent: 65537
  Validity: [From: Sat Sep 16 22:25:53 CEST 2017,
               To: Sun Sep 16 22:25:53 CEST 2018]
  Issuer: CN=ApacheDS, OU=Directory, O=ASF, C=US
  SerialNumber: [    015e8c5e 72d5]
]
...
NioProcessor-1, fatal error: 46: General SSLEngine problem
java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
{code}

This seems to be the default generated certificate generated by ApacheDS. It only has 512-bit
RSA (due to export restrictions); however, in current Java versions weak algorithms are
no longer supported. I was able to reproduce the error with the default generated certificate
in the ApacheDS server.

It's bad that the reported error does not contain more details; I'll have a look at how to get
the details to the UI.

What you need to do is to generate a stronger certificate and inject it into the uid=admin
entry. I have to check if that is documented somewhere...


> Which platforms does Studio work with TLS?
> ------------------------------------------
>
>                 Key: DIRSTUDIO-1205
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1205
>             Project: Directory Studio
>          Issue Type: Bug
>            Reporter: Aigo
>            Priority: Major
>             Fix For: 2.0.0-M15
>
>         Attachments: ApacheDirectoryStudio.log, apacheds.log, wrapper.log
>
>
> It sure does not work on the latest Ubuntu, as it fails the SSL handshake, and it does the same on the latest CentOS as well. So which platforms does it work on?
> I wanted to set up a docker container, but not sure if I want to waste any more of my time.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
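
The following is an added example, not part of the original message or of ApacheDS/Studio code: it scans a JSSE debug log for dumped certificates and reports which constraint each one violates, which is the detail the "Certificates do not conform to algorithm constraints" error leaves out. The constraint string is an assumed subset modelled on the JDK security property `jdk.certpath.disabledAlgorithms`, and the function names are hypothetical.

```python
import re

# Constructed sample: the certificate dump from the log above, trimmed to the fields read.
SAMPLE_LOG = """\
  Subject: CN=ubuntu, OU=Directory, O=ASF, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 512 bits
"""

# Assumption: a subset modelled on the JDK security property
# jdk.certpath.disabledAlgorithms; the real value depends on the JDK in use.
CONSTRAINTS = "MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224"

CERT_RE = re.compile(
    r"Subject: (?P<subject>[^\n]+)\n"
    r"\s*Signature Algorithm: (?P<sigalg>\w+),.*?"
    r"Key:\s+(?:Sun )?(?P<keyalg>\w+) public key, (?P<bits>\d+) bits",
    re.S,
)

def parse_constraints(spec):
    """Split the property into banned names and per-algorithm minimum key sizes."""
    banned, min_bits = set(), {}
    for rule in (r.strip() for r in spec.split(",")):
        m = re.fullmatch(r"(\w+) keySize < (\d+)", rule)
        if m:
            min_bits[m.group(1).upper()] = int(m.group(2))
        else:
            banned.add(rule.upper())
    return banned, min_bits

def find_violations(log_text, spec=CONSTRAINTS):
    """Return (subject, reason) for every dumped certificate that breaks a rule."""
    banned, min_bits = parse_constraints(spec)
    hits = []
    for m in CERT_RE.finditer(log_text):
        bits, keyalg = int(m["bits"]), m["keyalg"].upper()
        if bits < min_bits.get(keyalg, 0):
            hits.append((m["subject"], f"{keyalg} key {bits} bits < {min_bits[keyalg]}"))
        # "SHA1withRSA" is checked as its parts: digest "SHA1" and key type "RSA".
        for part in re.split(r"with|and", m["sigalg"], flags=re.I):
            if part.upper() in banned:
                hits.append((m["subject"], f"signature uses {part}"))
    return hits

if __name__ == "__main__":
    for subject, reason in find_violations(SAMPLE_LOG):
        print(f"{subject}: {reason}")
```
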
