Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M10 (2.0.0.v20151221-M10)
    • Fix Version/s: 2.0.0-M13
    • Labels:
      None
    • Environment:
      jdk1.8.0_102, Windows 7 (Client), Windows2008R2 (Server), ApacheDS M21, Apache DS-Studio 2.0.0-M10

      Description

      Hello,

      i have a problem with the checkbox for active protocols (TLSv1.0, TLSv1.1, TLSv1.2 etc.).
      When i use this option (for example with TLSv1.2) i get the following warning in the apache-ds log, when i try to open a ldaps-connection.

      [2016-10-05 16:51:46,017] WARN [org.apache.mina.util.DefaultExceptionMonitor] - Unexpected exception.
      org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, server, /2.59.20.52:56094 => /2.59.39.41:636)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:189)
      at org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:436)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor.addNow(AbstractPollingIoProcessor.java:536)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor.handleNewSessions(AbstractPollingIoProcessor.java:510)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:68)
      at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121)
      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.IllegalArgumentException: TLSV1.2
      at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
      at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
      at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
      at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
      at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
      at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:427)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
      ... 10 more

      I think the Problem ist the Attribute ads-enabledprotocols in the Entry DN: ads-transportid=ldaps,ou=transports,ads-serverid=ldapServer,ou=servers,ads-directoryserviceid=default,ou=config

      I think the attribute-value should be "TLSv1.2" and not "TLSV1.2" (and TLSv1.1 etc.).

      Propably the problem is in the class LdapLdapsServersPage:
      setProtocol( tlsv1_2Checkbox.getSelection(), "TLSV1.2" );

        Issue Links

          Activity

          Hide
          seelmann Stefan Seelmann added a comment -
          Show
          seelmann Stefan Seelmann added a comment - Fixed typo and added test: http://svn.apache.org/viewvc?rev=1805184&view=rev
          Hide
          seelmann Stefan Seelmann added a comment -

          If I see correctly the previous change has a typo "TLvV1.2", I'll fix and some tests.

          Show
          seelmann Stefan Seelmann added a comment - If I see correctly the previous change has a typo "TLvV1.2", I'll fix and some tests.
          Hide
          elecharny Emmanuel Lecharny added a comment -
          Show
          elecharny Emmanuel Lecharny added a comment - Should be fixed with http://svn.apache.org/viewvc?rev=1789148&view=rev
          Hide
          Humbi Stefan Humbold added a comment -

          Ok. Sounds good
          Please verify all four checkboxes.
          Thank you!

          Show
          Humbi Stefan Humbold added a comment - Ok. Sounds good Please verify all four checkboxes. Thank you!
          Hide
          elecharny Emmanuel Lecharny added a comment -

          You are right ! http://svn.apache.org/r1668692 :

          "+            setProtocol( tlsv1_2Checkbox.getSelection(), "TLSV1.2" );"
          

          Should be easy to fix.

          Show
          elecharny Emmanuel Lecharny added a comment - You are right ! http://svn.apache.org/r1668692 : "+ setProtocol( tlsv1_2Checkbox.getSelection(), "TLSV1.2" );" Should be easy to fix.
          Hide
          Humbi Stefan Humbold added a comment -

          hm....

          i tried it now with this dist: https://dist.apache.org/repos/dist/dev/directory/studio/2.0.0.v20160717-M11
          and the latest nightly build: https://builds.apache.org/job/dir-studio/

          i think, the problem still there.
          DS-Studio writes "TLSV1.2" and not "TLSv1.2" in the Attribute ads-enabledprotocols. I think this is leading to "java.lang.IllegalArgumentException: TLSV1.2"

          thank you for the quick response!

          Show
          Humbi Stefan Humbold added a comment - hm.... i tried it now with this dist: https://dist.apache.org/repos/dist/dev/directory/studio/2.0.0.v20160717-M11 and the latest nightly build: https://builds.apache.org/job/dir-studio/ i think, the problem still there. DS-Studio writes "TLSV1.2" and not "TLSv1.2" in the Attribute ads-enabledprotocols. I think this is leading to "java.lang.IllegalArgumentException: TLSV1.2" thank you for the quick response!
          Hide
          elecharny Emmanuel Lecharny added a comment -

          Yes, we have fixed that some time ago. You can try a temporary build (not official) : https://dist.apache.org/repos/dist/dev/directory/studio/2.0.0.v20160717-M11/

          Show
          elecharny Emmanuel Lecharny added a comment - Yes, we have fixed that some time ago. You can try a temporary build (not official) : https://dist.apache.org/repos/dist/dev/directory/studio/2.0.0.v20160717-M11/

            People

            • Assignee:
              Unassigned
              Reporter:
              Humbi Stefan Humbold
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development