Re: [389-users] PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.

2015-07-30 Thread German Parente
Hi Paul,

Sorry for the delay in the answer.

Our senior engineers have analyzed your problem. In fact, PassSync 1.1.6 is 
using TLSv1.1. 

The first version of 389-ds-base in RHEL6 using this protocol is release 60, 
recently delivered, corresponding to RHEL6.7. 

An article has been written by the experts which will be published soon in 
our knowledge base describing this issue. 

Regards,

German. 


> On Jul 28, 2015, at 8:23, ozikat wrote:
> 
> Hi All,
> 
> No luck, have inserted nsTLS1: on
> 
> Can't work still. Still stay with PassSync 1.2.11.15
> 
> --
> Paul Ooi
> 
> 
> 
>> On 7/27/15 23:25, German Parente wrote:
>> Hi Ozikat,
>> 
>> please, send your feedback as possible.
>> 
>> thanks and regards,
>> 
>> German.
>> 
>> - Original Message -
>>> From: "ozikat" 
>>> To: 389-users@lists.fedoraproject.org
>>> Sent: Monday, July 27, 2015 4:43:16 PM
>>> Subject: Re: [389-users] PassSync to 389DS SSL Error: Peer reports 
>>> incompatible or unsupported protocol version.
>>> 
>>> Hi German,
>>> 
>>> I am using 389-DS-BASE 1.2.11.15-48.el6_6. I got it working when
>>> installed PassSync 1.2.11.15 on the Windows 2008 R2 server.
>>> 
>>> I will try to add nsTLS1 and see whether it works on 1.2.11.16
>>> 
>>> Thank you.
>>> 
>>> --
>>> Ozikat
>>> 
>>>> On 7/27/15 18:31, German Parente wrote:
>>>> Hi,
>>>> 
>>>> Which is the version of 389-ds-base you are running?
>>>> 
>>>> By the way, have you enabled TLS on server side?
>>>> 
>>>> In entry:
>>>> 
>>>> dn: cn=encryption,cn=config
>>>> 
>>>> the attribute nsTLS1 should be "on":
>>>> 
>>>> nsTLS1: on
>>>> 
>>>> Thanks and regards,
>>>> 
>>>> German.
>>>> 
>>>> 
>>>> - Original Message -
> From: "ozikat" 
> To: 389-users@lists.fedoraproject.org
> Sent: Sunday, July 26, 2015 6:20:13 PM
> Subject: [389-users] PassSync to 389DS SSL Error: Peer reports
> incompatible or unsupported protocol version.
> 
> Good day everyday,
> 
> I came across a problem connecting from 389PassSync Version
> 1.1.6-x86_64 running on Windows 2008 R2 _to_ 389-DS version 1.2.11.15
> that is running on Linux CentOS 6.6.
> 
> Below is the error seen on /var/logs/dirdrv/slapd-xxx/access
> 
> ### Access Log Start ###
> 
> [26/Jul/2015:15:47:37 +] conn=4 fd=65 slot=65 SSL connection from
> x.x.x.x to y.y.y.y
> [26/Jul/2015:15:47:37 +] conn=4 op=-1 fd=65 closed - Peer reports
> incompatible or unsupported protocol version.
> [26/Jul/2015:15:47:45 +] conn=5 fd=65 slot=65 SSL connection from
> x.x.x.x to y.y.y.y
> [26/Jul/2015:15:47:45 +] conn=5 op=-1 fd=65 closed - Peer reports
> incompatible or unsupported protocol version.
> [26/Jul/2015:15:48:01 +] conn=6 fd=65 slot=65 SSL connection from
> x.x.x.x to y.y.y.y
> [26/Jul/2015:15:48:01 +] conn=6 op=-1 fd=65 closed - Peer reports
> incompatible or unsupported protocol version.
> [26/Jul/2015:15:49:15 +] conn=1 fd=64 slot=64 SSL connection from
> x.x.x.x to y.y.y.y
> [26/Jul/2015:15:49:15 +] conn=1 op=-1 fd=64 closed - Peer reports
> incompatible or unsupported protocol version.
> 
> ### Access Log End ###
> 
> I tried to connect using ldp.exe on Windows 2008 Server, it seems ok.
> Just that PassSync is unable to communicate via the SSL connections from
> the server.
> 
> ## ldp.exe start #
> ld = ldap_open("curry.noodle.com", 636);
> Established connection to curry.noodle.com.
> Retrieving base DSA information...
> Getting 1 entries:
> Dn: (RootDSE)
> dataversion: 020150726160257020150726160257;
> defaultnamingcontext: dc=noodle,dc=com;
> namingContexts (2): dc=noodle,dc=com; o=netscaperoot;
> netscapemdsuffix: cn=ldap://dc=curry,dc=noodle,dc=com:389;
> objectClass: top;
> supportedControl (21): 2.16.840.1.113730.3.4.2; 2.16.840.1.113730.3.4.3;
> 2.16.840.1.113730.3.4.4; 2.16.840.1.113730.3.4.5; 1.2.840.113556.1.4.473
> = ( SORT ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST );
> 2.16.840.1.113730.3.4.16; 2.16.840.1.113730.3.4.15;
> 2.16.840.1.113730.3.4.17; 2.16.840.1.113730.3.4.19;
> 1.3.6.1.4.1.42.2.27.8.5.1; 1.3.6.1.4.1.42.2.27.9.5.2;
> 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.3.6.1.4.1.42.2.27.9.5.8;
> 1.3.6.1.4.1.4203.666.5.16; 2.16.840.1.113730.3.4.14;
> 2.16.840.1.113730.3.4.20; 1.3.6.1.4.1.1466.29539.12;
> 2.16.840.1.113730.3.4.12; 2.16.840.1.113730.3.4.18;
> 2.16.840.1.113730.3.4.13;
> supportedExtension (14): 2.16.840.1.113730.3.5.7;
> 2.16.840.1.113730.3.5.8; 2.16.840.1.113730.3.5.3;
> 2.16.840.1.113730.3.5.12; 2.16.840.1.113730.3.5.5;
> 2.16.840.1.113730.3.5.6; 2.16.840.1.113730.3.5.9;
> 2.16.840.1.113730.3.5.4; 2.16.840.1.113730.3.6.5;
> 2.16.840.1.113730.3.6.6; 2.16.840.1.113730.3.6.7;
> 2.16.840.1.113730.3.6.8; 1.3.6.1.4.1.1466.20037 = ( START_TLS );
> 1.3.6.1.4.1.4203.1.11.1;
> supportedLDAPVersion
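
An added example, not part of the original thread: a small Python correlator that pairs each "SSL connection from" line in a 389-DS access log with its "closed" line and lists the clients rejected with the protocol-version error shown in the log above. The function name, the 192.0.2.x addresses, the +0000 offset and the "closed - U1" line are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log format quoted in the thread;
# addresses, timezone offset and the "U1" close line are made up.
SAMPLE_LOG = """\
[26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from 192.0.2.10 to 192.0.2.1
[26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports incompatible or unsupported protocol version.
[26/Jul/2015:15:47:45 +0000] conn=5 fd=65 slot=65 SSL connection from 192.0.2.10 to 192.0.2.1
[26/Jul/2015:15:47:45 +0000] conn=5 op=-1 fd=65 closed - Peer reports incompatible or unsupported protocol version.
[26/Jul/2015:15:48:20 +0000] conn=6 fd=66 slot=66 SSL connection from 192.0.2.20 to 192.0.2.1
[26/Jul/2015:15:48:21 +0000] conn=6 op=1 fd=66 closed - U1
[26/Jul/2015:15:49:15 +0000] conn=1 fd=64 slot=64 SSL connection from 192.0.2.10 to 192.0.2.1
[26/Jul/2015:15:49:15 +0000] conn=1 op=-1 fd=64 closed - Peer reports incompatible or unsupported protocol version.
"""

OPEN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) fd=\d+ slot=\d+ "
    r"(?P<ssl>SSL )?connection from (?P<src>\S+) to (?P<dst>\S+)")
CLOSE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=-?\d+ fd=\d+ "
    r"closed - (?P<reason>.+)$")
MISMATCH = "Peer reports incompatible or unsupported protocol version."


def tls_version_failures(lines):
    """Map client address -> timestamps of SSL connections that were
    closed with the protocol-version mismatch reason."""
    open_conns = {}                 # conn id -> (client address, is_ssl)
    failures = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        m = OPEN_RE.match(line)
        if m:
            # conn ids start again at low numbers after a server restart,
            # so a new open line always replaces a stale entry.
            open_conns[m["conn"]] = (m["src"], bool(m["ssl"]))
            continue
        m = CLOSE_RE.match(line)
        if m:
            src, is_ssl = open_conns.pop(m["conn"], ("unknown", False))
            if is_ssl and m["reason"].strip() == MISMATCH:
                failures[src].append(m["ts"])
    return dict(failures)


if __name__ == "__main__":
    for client, stamps in tls_version_failures(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: {len(stamps)} rejected handshakes, last at {stamps[-1]}")
```
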

Re: [389-users] PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.

2015-07-30 Thread Deyan Stoykov

On 28.7.2015 9:23, ozikat wrote:

> Hi All,
>
> No luck, have inserted nsTLS1: on
>
> Can't work still. Still stay with PassSync 1.2.11.15

Hi,
Have you tried adding LDAPSSL_ALLOW_OLD_SSL_VERSION=1 to the environment 
on the Windows machine?


Regards,
Deyan


--
Deyan Stoykov, dstoy...@uni-ruse.bg
ICT department
University of Ruse
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users