Hi,
I have a problem trying to create a TLS negotiation or an SSL binding with my
Active Directory server running on Windows 2008. It works fine with the JNDI
API, but Apache Directory is more feasible for my case since it will
include Kerberos authentication.
I use the certificate for the account I log in with as a PKCS12 certificate,
and I have the CA from the server added to the cacerts file, but I get a
"Failed to initialize the SSL context" exception. The exception is at the end
of the email.
My code:
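import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

LdapConnectionConfig config = new LdapConnectionConfig();
config.setLdapHost(SERVER);
config.setLdapPort(389); // plain LDAP port, upgraded with StartTLS below
// Load the JKS keystore and use it as the trust store for the connection
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"), "P@ssw0rd".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keystore);
config.setTrustManagers(tmf.getTrustManagers());
// Bind DN and password for the simple bind that follows StartTLS
config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com");
config.setCredentials("P@ssw0rd");
LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(config);
ldapNetworkConnection.startTls(); // the exception is thrown here
ldapNetworkConnection.bind();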
Exception:
Exception in thread "Main Thread" org.apache.directory.api.ldap.model.exception.LdapException: Failed to initialize the SSL context
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788)
    at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102)
    at LDAPConTest.main(LDAPConTest.java:57)
Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, /10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832)
    ... 3 more
Caused by: java.lang.IllegalArgumentException: TLSv1.1
    at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
    at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736)
    at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
    at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
    ... 5 more
Any ideas where the issue may come from?
Thanks,
Karim
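
The innermost cause in the trace above is SSLEngine.setEnabledProtocols rejecting the protocol name TLSv1.1. The following is an added diagnostic example, not part of the original message and not Apache Directory code: it uses only standard JSSE calls to list the TLS versions the running JVM supports and to filter a requested list against them before enabling it. The class name TlsProtocolCheck, the helper usable() and the requested list are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsProtocolCheck {

    // Keep only the requested protocol names that this JVM's JSSE provider implements.
    static String[] usable(SSLEngine engine, String... wanted) {
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> result = new ArrayList<String>();
        for (String p : wanted) {
            if (supported.contains(p)) {
                result.add(p);
            }
        }
        return result.toArray(new String[result.size()]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println("Supported by this JVM: "
                + Arrays.toString(engine.getSupportedProtocols()));

        // Constructed request list; "TLSv1.1" is the name from the trace above.
        String[] wanted = { "TLSv1.2", "TLSv1.1", "TLSv1" };

        // Enabling an unsupported name throws IllegalArgumentException,
        // which is the innermost "Caused by" in the trace.
        try {
            engine.setEnabledProtocols(wanted);
            System.out.println("All requested protocols accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected protocol name: " + e.getMessage());
        }

        // Enable only what the JVM supports; fail closed if nothing is left.
        String[] safe = usable(engine, wanted);
        if (safe.length == 0) {
            throw new IllegalStateException("No requested TLS version is available on this JVM");
        }
        engine.setEnabledProtocols(safe);
        System.out.println("Enabled after filtering: "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Run it with the same JRE the LDAP client uses, since the supported list depends on the JVM's JSSE provider rather than on the server.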