[ovirt-users] Engine AAA LDAP startTLS Protocol Issue
Alan Griffiths
apgriffiths79 at gmail.com
Thu Feb 8 13:30:46 UTC 2018
That works. Thanks.
On 8 February 2018 at 12:56, Ondra Machacek <omachace at redhat.com> wrote:
> On 02/08/2018 11:04 AM, Alan Griffiths wrote:
>>
>> Hi,
>>
>> Trying to configure Engine to authenticate against OpenLDAP and I seem
>> to be hitting a protocol bug.
>>
>> Attempts to test the login during the setup fail with
>>
>> 2018-02-07 12:27:37,872Z WARNING Exception: The connection reader was
>> unable to successfully complete TLS negotiation:
>> SSLException(message='Received fatal alert: protocol_version',
>> trace='getSSLException(Alerts.java:208) /
>> getSSLException(Alerts.java:154) / recvAlert(SSLSocketImpl.java:2033)
>> / readRecord(SSLSocketImpl.java:1135) /
>> performInitialHandshake(SSLSocketImpl.java:1385) /
>> startHandshake(SSLSocketImpl.java:1413) /
>> startHandshake(SSLSocketImpl.java:1397) /
>> run(LDAPConnectionReader.java:301)', revision=0)
>>
>> Running a packet trace I see that it's trying to negotiate with TLS
>> 1.0, but my LDAP server only support TLS 1.2.
>
>
> I've sent a fix:
>
> https://gerrit.ovirt.org/87327
>
> To workaround it just please add to you profile properties file:
>
> pool.default.ssl.startTLSProtocol = TLSv1.2
>
>>
>> This looks like a regression as it works fine in 4.0.
>>
>> I see the issue in both 4.1 and 4.2
>>
>> 4.1.9.1
>> 4.2.0.2
>>
>> Should I submit a bug?
>>
>> Thanks,
>>
>> Alan
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
More information about the Users
mailing list