> On Jul 26, 2017, at 3:19 AM, John Lee <jhn134...@gmail.com> wrote:
>
> I'm having a problem establishing an LDAPS connection between spring-ldap
> client and apacheDS. Details are provided on stackoverflow, as this is the
> official forum for spring-ldap and I assume the problem is client-side:
>
> https://stackoverflow.com/questions/45232244/cannot-establish-tls-connection-between-spring-ldap-client-and-apacheds

Nice writeup on overflow. This error jumped out at me:

    Thread-8, handling exception: javax.net.ssl.SSLException: Unsupported record version Unknown-38.2
    %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
    Thread-8, SEND TLSv1.2 ALERT: fatal, description = unexpected_message

for which I googled:

    "javax.net.ssl.SSLException: Unsupported record version Unknown-38.2 %% Invalidated"

and found some hits. Have you chased those down?

The other thing you can try is connecting with the Apache LDAP API instead of spring ldap. I am not suggesting that spring ldap’s apis are broken on TLS. I’m saying that apacheds + its own ldap api are a combination that has been tested by us here and we’re going to have better support for you.

There’s some doc about the api and crypto stuff here:

http://directory.apache.org/api/user-guide/5.1-ldaps.html

Oh and welcome to the list. Good luck.

Shawn