[Freeipa] [Bug 1730039] Re: 389-console fails to connect with TLSv1.2

Mon, 11 Jun 2018 06:32:16 -0700 

This is also happening to me with Ubuntu 18.04 (bionic):

$ 389-console -D 9 -x nologo -u "cn=directory manager" -a 
https://<servername>:9830
---- [clip] ----
CommManager> New CommRecord (https://<servername>:9830/admin-serv/authenticate)
ResourceSet: found in cache 
loader501263526:com.netscape.management.client.theme.theme
ResourceSet: NOT found in cache 
loader501263526:com.netscape.management.client.comm.HttpsChannel
CREATE JSS SSLSocket
Unable to create ssl socket
org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() for 
variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error
        at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(Native 
Method)
        at 
org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(SSLSocket.java:1398)
        at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
        at com.netscape.management.client.comm.CommManager.send(Unknown Source)
        at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
        at com.netscape.management.client.console.Console.invoke_task(Unknown 
Source)
        at 
com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
        at com.netscape.management.client.console.Console.<init>(Unknown Source)
        at com.netscape.management.client.console.Console.main(Unknown Source)
---- [clip] ----

389-console does not even try to connect to the server. (I verified that
with Wireshark.)

** Tags added: bionic

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to jss in Ubuntu.
https://bugs.launchpad.net/bugs/1730039

Title:
  389-console fails to connect with TLSv1.2

Status in jss package in Ubuntu:
  New

Bug description:
  389-console on Ubuntu 17.10 fails to connect to an instance of dirsrv-
  admin that has been configured to allow only TLSv1.2 connections
  (389-console on Ubuntu 17.04 works fine against the same instance).

  389-console -D 9 debug shows the following error:

  CREATE JSS SSLSocket
  Unable to create ssl socket
  org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() for 
variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error
        at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(Native 
Method)
        at 
org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(SSLSocket.java:1398)
        at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
        at com.netscape.management.client.comm.CommManager.send(Unknown Source)
        at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
        at com.netscape.management.client.console.Console.invoke_task(Unknown 
Source)
        at 
com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
        at com.netscape.management.client.console.Console.<init>(Unknown Source)
        at com.netscape.management.client.console.Console.main(Unknown Source)

  Downgrading the libjss-java package to version 4.3.1-7build1 from
  Ubuntu 17.04 fixes the problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jss/+bug/1730039/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~freeipa
Post to     : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

Reply via email to