389-console fails to connect with TLSv1.2

Bug #1730039 reported by Chuin Ooi
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
389-console (Ubuntu) | Won't Fix | Undecided | Unassigned |
jss (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

389-console on Ubuntu 17.10 fails to connect to an instance of dirsrv-admin that has been configured to allow only TLSv1.2 connections (389-console on Ubuntu 17.04 works fine against the same instance).

389-console -D 9 debug shows the following error:

CREATE JSS SSLSocket
Unable to create ssl socket
org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() for variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error
 at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(Native Method)
 at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(SSLSocket.java:1398)
 at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
 at com.netscape.management.client.comm.CommManager.send(Unknown Source)
 at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
 at com.netscape.management.client.console.Console.invoke_task(Unknown Source)
 at com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
 at com.netscape.management.client.console.Console.<init>(Unknown Source)
 at com.netscape.management.client.console.Console.main(Unknown Source)

Downgrading the libjss-java package to version 4.3.1-7build1 from Ubuntu 17.04 fixes the problem.

Tags: bionic artful
tags: added: artful
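
Added example (not part of the original report and not JSS or 389-console code): the numbers in the exception are SSL/TLS protocol versions in their 16-bit wire encoding, and this Python helper decodes them and reports which requested bound falls outside the range printed in parentheses. Reading `(769:772)` as the range the library accepts is an assumption based on the message wording; the function names are hypothetical.

```python
import re

# SSL/TLS protocol versions in 16-bit wire encoding (major << 8 | minor),
# the encoding used by the numbers in the exception message.
VERSION_NAMES = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2",
    0x0304: "TLS 1.3",
}

# Message format as it appears in the traces on this page.
RANGE_ERROR = re.compile(
    r"SSL_VersionRangeSetDefault\(\) for variant=(?P<variant>\d+) "
    r"with min=(?P<min>\d+) max=(?P<max>\d+) "
    r"out of range \((?P<lo>\d+):(?P<hi>\d+)\)"
)

# Exception line copied from the bug description above.
SAMPLE = (
    "org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() "
    "for variant=0 with min=768 max=770 out of range (769:772): "
    "0: (0) Unknown error"
)


def version_name(code):
    """Readable name for a version code; unknown codes are shown in hex."""
    return VERSION_NAMES.get(code, "unknown (0x%04x)" % code)


def explain_range_error(line):
    """Decode a version-range error line; return None if it does not match."""
    m = RANGE_ERROR.search(line)
    if m is None:
        return None
    req_min, req_max, lo, hi = (int(m.group(k)) for k in ("min", "max", "lo", "hi"))
    # Assumption: (lo:hi) is the range the library accepts.
    problems = [
        "%s %s is outside %s..%s" % (label, version_name(v), version_name(lo), version_name(hi))
        for label, v in (("min", req_min), ("max", req_max))
        if not lo <= v <= hi
    ]
    return {
        "requested": (version_name(req_min), version_name(req_max)),
        "accepted": (version_name(lo), version_name(hi)),
        "problems": problems,
    }


if __name__ == "__main__":
    print(explain_range_error(SAMPLE))
```

For the line in this report it returns a requested range of SSL 3.0 to TLS 1.1 against an accepted range of TLS 1.0 to TLS 1.3, so the rejected bound is the SSL 3.0 minimum.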
Antti Palsola (antti.palsola) wrote :

This is also happening to me with Ubuntu 18.04 (bionic):

$ 389-console -D 9 -x nologo -u "cn=directory manager" -a https://<servername>:9830
---- [clip] ----
CommManager> New CommRecord (https://<servername>:9830/admin-serv/authenticate)
ResourceSet: found in cache loader501263526:com.netscape.management.client.theme.theme
ResourceSet: NOT found in cache loader501263526:com.netscape.management.client.comm.HttpsChannel
CREATE JSS SSLSocket
Unable to create ssl socket
org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() for variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error
 at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(Native Method)
 at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(SSLSocket.java:1398)
 at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
 at com.netscape.management.client.comm.CommManager.send(Unknown Source)
 at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
 at com.netscape.management.client.console.Console.invoke_task(Unknown Source)
 at com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
 at com.netscape.management.client.console.Console.<init>(Unknown Source)
 at com.netscape.management.client.console.Console.main(Unknown Source)
---- [clip] ----

389-console does not even try to connect to the server. (I verified that with Wireshark.)

tags: added: bionic
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in jss (Ubuntu):
status: New → Confirmed
Changed in 389-console (Ubuntu):
status: New → Confirmed
Larry Prikockis (lprikockis) wrote :

I'm still running into this problem on 18.04.2 LTS. Is there some fix/workaround other than downgrading to an old version of Java? For a variety of other reasons, that's not an option for me.

Timo Aaltonen (tjaalton) wrote :

389-console is gone from the distro since 18.10

Changed in jss (Ubuntu):
status: Confirmed → Invalid
Changed in 389-console (Ubuntu):
status: Confirmed → Won't Fix