freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #00510
[Bug 1730039] [NEW] 389-console fails to connect with TLSv1.2
Public bug reported:
389-console on Ubuntu 17.10 fails to connect to an instance of dirsrv-
admin that has been configured to allow only TLSv1.2 connections
(389-console on Ubuntu 17.04 works fine against the same instance).
389-console -D 9 debug shows the following error:
CREATE JSS SSLSocket
Unable to create ssl socket
org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() for variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error
at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(Native Method)
at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(SSLSocket.java:1398)
at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
at com.netscape.management.client.comm.CommManager.send(Unknown Source)
at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
at com.netscape.management.client.console.Console.invoke_task(Unknown Source)
at com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
at com.netscape.management.client.console.Console.<init>(Unknown Source)
at com.netscape.management.client.console.Console.main(Unknown Source)
Downgrading the libjss-java package to version 4.3.1-7build1 from Ubuntu
17.04 fixes the problem.
** Affects: jss (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to jss in Ubuntu.
https://bugs.launchpad.net/bugs/1730039
Title:
389-console fails to connect with TLSv1.2
Status in jss package in Ubuntu:
New
Bug description:
389-console on Ubuntu 17.10 fails to connect to an instance of dirsrv-
admin that has been configured to allow only TLSv1.2 connections
(389-console on Ubuntu 17.04 works fine against the same instance).
389-console -D 9 debug shows the following error:
CREATE JSS SSLSocket
Unable to create ssl socket
org.mozilla.jss.ssl.SSLSocketException: SSL_VersionRangeSetDefault() for variant=0 with min=768 max=770 out of range (769:772): 0: (0) Unknown error
at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(Native Method)
at org.mozilla.jss.ssl.SSLSocket.setSSLVersionRangeDefault(SSLSocket.java:1398)
at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
at com.netscape.management.client.comm.CommManager.send(Unknown Source)
at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
at com.netscape.management.client.console.Console.invoke_task(Unknown Source)
at com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
at com.netscape.management.client.console.Console.<init>(Unknown Source)
at com.netscape.management.client.console.Console.main(Unknown Source)
Downgrading the libjss-java package to version 4.3.1-7build1 from
Ubuntu 17.04 fixes the problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jss/+bug/1730039/+subscriptions
Follow ups