[ https://issues.apache.org/jira/browse/DIRSTUDIO-1205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16705225#comment-16705225 ]

Stefan Seelmann commented on DIRSTUDIO-1205:
--------------------------------------------

From the log
{code}
[
  Version: V1
  Subject: CN=ubuntu, OU=Directory, O=ASF, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 512 bits
  modulus: 
9974325369116523072626932324206695296344804212754553268376719093424890448114922435166048821089411016389424033976359843992022606485741105180305620276297973
  public exponent: 65537
  Validity: [From: Sat Sep 16 22:25:53 CEST 2017,
               To: Sun Sep 16 22:25:53 CEST 2018]
  Issuer: CN=ApacheDS, OU=Directory, O=ASF, C=US
  SerialNumber: [    015e8c5e 72d5]
]
...
NioProcessor-1, fatal error: 46: General SSLEngine problem
java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
{code}

This seems to be the default generated certificate generated by ApacheDS. It 
only has 512-bit RSA (due to export restrictions), however in current Java 
versions weak algorithms are no longer supported. I was able to reproduce the 
error with the default generated certificate in the ApacheDS server.

It's bad that the reported error does not contain more details, I'll have a 
look how to get the details to the UI.

What you need to do is to generate a stronger certificate and inject it into 
the uid=admin entry. I have to check if that is documented somewhere...


> Which platforms does Studio work with TLS?
> ------------------------------------------
>
>                 Key: DIRSTUDIO-1205
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1205
>             Project: Directory Studio
>          Issue Type: Bug
>            Reporter: Aigo
>            Priority: Major
>             Fix For: 2.0.0-M15
>
>         Attachments: ApacheDirectoryStudio.log, apacheds.log, wrapper.log
>
>
> It sure does not work on the latest Ubuntu, as it fails the SSL handshake, 
> and it does the same on the latest CentOS as well. So which platforms does it 
> work on?
> I wanted to set up a Docker container, but not sure if I want to waste any more 
> of my time.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
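
The rejection described in the comment above can be reproduced offline from the logged certificate dump. This is an added example, not code from the comment, ApacheDS or the JDK: the `POLICY` string is a constructed value written in the syntax of the JDK's `jdk.certpath.disabledAlgorithms` property, and the function names are hypothetical.

```python
import re

# Constructed policy in the syntax of the JDK security property
# jdk.certpath.disabledAlgorithms; the real value is set in the JDK's
# java.security file and differs between releases.
POLICY = "MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224"

# Certificate dump as it appears in the log quoted above (modulus left out).
SAMPLE_DUMP = """\
[
  Version: V1
  Subject: CN=ubuntu, OU=Directory, O=ASF, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 512 bits
  public exponent: 65537
  Issuer: CN=ApacheDS, OU=Directory, O=ASF, C=US
]
"""

def parse_policy(policy):
    """Split the property into disabled digest names and minimum key sizes."""
    digests, min_bits = set(), {}
    for entry in (e.strip() for e in policy.split(",")):
        m = re.fullmatch(r"(\w+)\s+keySize\s*<\s*(\d+)", entry)
        if m:
            min_bits[m.group(1).upper()] = int(m.group(2))
        elif entry:
            # Simplification: conditional entries ("... jdkCA & usage ...")
            # are stored verbatim and therefore never match a digest name.
            digests.add(entry.upper())
    return digests, min_bits

def check_dump(dump, policy=POLICY):
    """Return (subject, violations) for one certificate dump from the log."""
    digests, min_bits = parse_policy(policy)
    findings = []
    key = re.search(r"Key:\s+\w+\s+(\w+) public key, (\d+) bits", dump)
    if key:
        alg, bits = key.group(1).upper(), int(key.group(2))
        if bits < min_bits.get(alg, 0):
            findings.append(f"{alg} keySize {bits} < {min_bits[alg]}")
    sig = re.search(r"Signature Algorithm:\s+(\w+?)with(\w+)", dump)
    if sig and sig.group(1).upper() in digests:
        findings.append(f"signature digest {sig.group(1)} is disabled")
    subject = re.search(r"Subject:\s+(.+)", dump)
    return (subject.group(1).strip() if subject else None), findings

if __name__ == "__main__":
    subject, findings = check_dump(SAMPLE_DUMP)
    print(subject, "->", findings or "conforms")
```

Running it over each certificate block in a `javax.net.debug` log shows which constraint a certificate violates, the detail that the "General SSLEngine problem" message leaves out.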
