I'm using Apache Directory Studio (which I assume is using the Apache LDAP API) and having an issue connecting due to (apparently) "unavailable cipher suites" with OpenLDAP.
I created a self-signed CA using OpenSSL command line tools and have verified that the certificate (and even client-side certs signed by it) work without problems using all of the OpenLDAP applications. I've even successfully integrated it with Kerberos and SSSD with TLS/SSL.

On some machines, the Apache Directory Studio works with my configuration no problem as well. However, on Windows and certain other Linux machines, it fails with "SSL Handshake Error". I added "-Djavax.net.debug=ssl:handshake" and was able to determine that the cipher suite that I'm using (ECDHE-RSA-AES256-GCM-SHA385) is output as an "unavailable cipher suite". It also looks like the only available cipher suites (listed later in the output) use AES128 or weaker algorithms.

How can I get Apache Directory Studio to use updated cryptography libraries?

Thanks,
-- Frank
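An added diagnostic, not part of the original post or of Apache Directory Studio: compiled and run with the same JVM that launches Studio on a failing machine, it reports which cipher suites that runtime supports and the largest AES key its crypto policy allows. The class name `TlsSuiteCheck` and the default suite name (the JSSE spelling assumed to correspond to the OpenSSL-style suite named in the post) are assumptions; pass a different JSSE suite name as the first argument to check it instead.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added example: reports what the running JVM can negotiate for TLS.
public class TlsSuiteCheck {
    // Assumption: JSSE name corresponding to the OpenSSL-style suite in the post.
    static final String DEFAULT_WANTED = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";

    public static void main(String[] args) throws Exception {
        String wanted = args.length > 0 ? args[0] : DEFAULT_WANTED;

        // Identify the runtime, since results differ between machines.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // Largest AES key the installed JCE policy permits.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key  = "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new TreeSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new TreeSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        System.out.println("protocols    = "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println(wanted + ": supported=" + supported.contains(wanted)
                + ", enabled by default=" + enabled.contains(wanted));

        // List every AES-256 suite this JVM knows, to compare with the server's list.
        boolean anyAes256 = false;
        for (String suite : supported) {
            if (suite.contains("AES_256")) {
                anyAes256 = true;
                System.out.println("  AES-256 suite: " + suite
                        + (enabled.contains(suite) ? " (enabled)" : " (supported only)"));
            }
        }
        if (!anyAes256) {
            System.out.println("  no AES-256 suites are supported by this JVM");
        }
    }
}
```

Comparing the output from a machine where Studio connects with one where it fails shows whether the difference lies in the Java runtime rather than in the OpenLDAP server or the certificates.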