389-console fails to connect with TLSv1.2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
389-console (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
jss (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
389-console on Ubuntu 17.10 fails to connect to an instance of dirsrv-admin that has been configured to allow only TLSv1.2 connections (389-console on Ubuntu 17.04 works fine against the same instance).
389-console -D 9 debug shows the following error:
CREATE JSS SSLSocket
Unable to create ssl socket
org.mozilla.
at org.mozilla.
at org.mozilla.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
Downgrading the libjss-java package to version 4.3.1-7build1 from Ubuntu 17.04 fixes the problem.
tags: | added: artful |
Changed in 389-console (Ubuntu): | |
status: | New → Confirmed |
This is also happening to me with Ubuntu 18.04 (bionic):
$ 389-console -D 9 -x nologo -u "cn=directory manager" -a https://<servername>:9830 :9830/admin- serv/authentica te) :com.netscape. management. client. theme.theme :com.netscape. management. client. comm.HttpsChann el jss.ssl. SSLSocketExcept ion: SSL_VersionRang eSetDefault( ) for variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error jss.ssl. SSLSocket. setSSLVersionRa ngeDefault( Native Method) jss.ssl. SSLSocket. setSSLVersionRa ngeDefault( SSLSocket. java:1398) management. client. comm.HttpsChann el.open( Unknown Source) management. client. comm.CommManage r.send( Unknown Source) management. client. comm.HttpManage r.get(Unknown Source) management. client. console. Console. invoke_ task(Unknown Source) management. client. console. Console. authenticate_ user(Unknown Source) management. client. console. Console. <init>( Unknown Source) management. client. console. Console. main(Unknown Source)
---- [clip] ----
CommManager> New CommRecord (https://<servername>
ResourceSet: found in cache loader501263526
ResourceSet: NOT found in cache loader501263526
CREATE JSS SSLSocket
Unable to create ssl socket
org.mozilla.
at org.mozilla.
at org.mozilla.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
at com.netscape.
---- [clip] ----
389-console does not even try to connect to the server. (I verified that with Wireshark.)