Hi,
We would like to check if the TLSv1.2 protocol is enabled for the ODSEE7 server. When the application team connects to LDAP with the TLSv1.2 protocol, they get an "SSL handshake terminated" error.
vendorVersion: Sun-Directory-Server/11.1.1.7.3;
Below are the queries we have. Please let us know.
We want to identify if TLSv1.2 is enabled & supported.
We want to identify the ciphers that need to be enabled for the TLSv1.2 version.
Will this be a result of a cipher mismatch between the LDAP server & the client?
The OpenSSL command shows TLSv1.2 is supported:
------------------------------------------
openssl s_client -connect <hostname>:<port> -tls1_2
SSL handshake has read 4409 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 13452AC58D403CBB27219158A6A15C521397535A6EB310EE624578454B90351A
Session-ID-ctx:
Master-Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1616027327
Timeout : 7200 (sec)
Verify return code: 0 (ok)
-----------------------------------------------
------------------------
Error at client end:
Couldn't kickstart handshaking (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1321)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1160)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.naming/com.sun.jndi.ldap.Connection.createSocket(Connection.java:348)
at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at java.naming/com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
at java.naming/com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114)
at java.naming/com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136)
at java.naming/com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:340)
at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608)
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2752)
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:320)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)