Re: [ovirt-users] Engine AAA LDAP startTLS Protocol Issue

On 02/08/2018 11:04 AM, Alan Griffiths wrote: > > Hi, > > Trying to configure Engine to authenticate against OpenLDAP and I seem > to be hitting a protocol bug. > > Attempts to test the login during the setup fail with > > 2018-02-07 12:27:37,872Z WARNING Exception: The connection reader was > unable to successfully complete TLS negotiation: > SSLException(message='Received fatal alert: protocol_version', > trace='getSSLException(Alerts.java:208) / > getSSLException(Alerts.java:154) / recvAlert(SSLSocketImpl.java:2033) > / readRecord(SSLSocketImpl.java:1135) / > performInitialHandshake(SSLSocketImpl.java:1385) / > startHandshake(SSLSocketImpl.java:1413) / > startHandshake(SSLSocketImpl.java:1397) / > run(LDAPConnectionReader.java:301)', revision=0) > > Running a packet trace I see that it's trying to negotiate with TLS > 1.0, but my LDAP server only support TLS 1.2. I've sent a fix: https://gerrit.ovirt.org/87327 To workaround it just please add to you profile properties file: pool.default.ssl.startTLSProtocol = TLSv1.2 > > This looks like a regression as it works fine in 4.0. > > I see the issue in both 4.1 and 4.2 > > 4.1.9.1 > 4.2.0.2 > > Should I submit a bug? > > Thanks, > > Alan > _______________________________________________ > Users mailing list > Users(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >