[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16874536#comment-16874536 ] Emmanuel Lecharny commented on DIRSERVER-2223: -- Should we assume this issue has been fixed, since we know that ApacheDS builds properly with java 11 and 12 ? > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", > "TLS_DHE_DSS_WITH
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391983#comment-16391983 ] Emmanuel Lecharny commented on DIRSERVER-2223: -- Yes, as I wrote in a mail 2 days ago, I'm fixing the {{IntermediateResponse}} part, and {{SyncInfoValue}} is one of them. > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", > "TLS_D
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391968#comment-16391968 ] Stefan Seelmann commented on DIRSERVER-2223: Progress: {code} [ERROR] directory-server/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerContext.java:[67,80] package org.apache.directory.api.ldap$ extras.intermediate.syncrepl.syncInfoValue does not exist [ERROR] directory-server/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerContext.java:[182,27] cannot find symbol symbol: variable SyncInfoValue location: class org.apache.directory.server.core.jndi.ServerContext [INFO] 2 errors {code} > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391965#comment-16391965 ] Emmanuel Lecharny commented on DIRSERVER-2223: -- Ah, damn it, there are other errors on something I'm currently fixing :/ It would be better to start from the last released version of ApacheDS ! > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_25
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391962#comment-16391962 ] Emmanuel Lecharny commented on DIRSERVER-2223: -- Can you give it another try ? I just committed everything I had pending on {{ApacheDS}}. You will need to build the LDAP API too. > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391957#comment-16391957 ] Emmanuel Lecharny commented on DIRSERVER-2223: -- Ahhh, my bad, I haven't committed my changes :/ Let me do that. > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", > "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", > "TLS_EC
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391936#comment-16391936 ] Stefan Seelmann commented on DIRSERVER-2223: Hi Emmanuel, I have the following: {code:java} directory-server/core-api/src/main/java/org/apache/directory/server/core/api/LdapCoreSessionConnection.java:[1297,44] constructor BindOperationC ontext in class org.apache.directory.server.core.api.interceptor.context.BindOperationContext cannot be applied to given types; required: org.apache.directory.server.core.api.CoreSession found: org.apache.directory.server.core.api.DirectoryService, reason: actual and formal argument lists differ in length {code} See also on Jenkins (once it is back): [https://builds.apache.org/view/A-D/view/Directory/job/dir-apacheds-ubuntu-deploy/] > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391909#comment-16391909 ] Emmanuel Lecharny commented on DIRSERVER-2223: -- What is the error you get ? {{mvn clean install}} should be enough, but if you are using a {{SNAPSHOT}}, you will first need to build the LDAP API first. > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WIT
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391554#comment-16391554 ] Martin Choma commented on DIRSERVER-2223: - This is what problem can be https://github.com/apache/directory-server/pull/2. > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", > "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", > "
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391498#comment-16391498 ] Martin Choma commented on DIRSERVER-2223: - Thank yout very much. I will have a look. I have tried it with Java9 and works good for me, except of this issue. When Java9 will finish there will be Java10, which will be "same". So this issue should be rather titled with 9+ to keep valid ;) > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA3
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391368#comment-16391368 ] Emmanuel Lecharny commented on DIRSERVER-2223: -- Hi Martin, We have not yet started to look a Java 9, and you certainly should not bother trying to use it : its EOL is end of march ([Java 9 EOL|http://www.oracle.com/technetwork/java/eol-135779.html]). That being said, here are some informations : * {{org.apache.directory.server.ldap.handlers.ssl.LdapsInitializer.java}} is where the {{LDAPS}} server is initialized. * The {{org.apache.directory.server.ldap.handlers.extended.StartTlsHandler}} class takes care of the {{StartTLS}} extended operation * The {{org.apache.directory.server.core.security.TlsKeyGenerator}} class generates the key pair if you are using the {{CertGeneration}} extended operation, then then {{org.apache.directory.server.ldap.handlers.extended.CertGenerationRequestHandler}} class is where we generate keypair (using the {{TlsKeyGenerator}} class) Hope it helps... > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391232#comment-16391232 ] Martin Choma commented on DIRSERVER-2223: - Could someone, please, point me to code responsible for: * server side TLS * keypair generation If I can spot the problem? > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: > Extensions: > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: > Extensions: > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", > "TLS_DHE_DSS_W
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16372698#comment-16372698 ] Martin Choma commented on DIRSERVER-2223: - When I try to connect to ApacheDS with Apache Studio both sides negotiate TLS_DH_anon_WITH_AES_256_GCM_SHA384 {code} *** ClientHello, TLSv1.2 RandomCookie: random_bytes = {5A 8E 9A 86 71 3F 08 B8 2C BE AC 65 21 30 3D 87 1B F9 DF 5A 68 B9 1D 14 FE 3F 09 2F 87 D7 E1 4A} Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Unsupported extension type_23, data: {code} > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RS
[jira] [Commented] (DIRSERVER-2223) JDK 9 ldaps does not work
[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16372697#comment-16372697 ] Martin Choma commented on DIRSERVER-2223: - On jdk 8 it looks like this: {code} *** ClientHello, TLSv1.2 RandomCookie: GMT: 1502449498 bytes = { 245, 92, 232, 95, 94, 186, 2, 77, 224, 233, 30, 88, 98, 26, 100, 155, 131, 156, 183, 204, 57, 177, 163, 107, 106, 161, 170, 106 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension extended_master_secret *** {code} And both side agree on TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > JDK 9 ldaps does not work > - > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M24 >Reporter: Martin Choma >Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_EC