Re: PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.

German Parente <gparente@xxxxxxxxxx> · Mon, 27 Jul 2015 11:25:53 -0400 (EDT)

Hi Ozikat,

please, send your feedback as possible.

thanks and regards,

German.

----- Original Message -----
> From: "ozikat" <ozikat12@xxxxxxxxx>
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Monday, July 27, 2015 4:43:16 PM
> Subject: Re:  PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.
> 
> Hi German,
> 
> I am using 389-DS-BASE 1.2.11.15-48.el6_6. I got it working when
> installed PassSync 1.2.11.15 on the Windows 2008 R2 server.
> 
> I will try to add nsTLS1 and see whether it works on 1.2.11.16
> 
> Thank you.
> 
> --
> Ozikat
> 
> On 7/27/15 18:31, German Parente wrote:
> > Hi,
> >
> > Which is the version of 389-ds-base you are running ?
> >
> > By the way, have you enabled TLS on server side ?
> >
> > In entry:
> >
> > dn: cn=encryption,cn=config
> >
> > the attribute nsTLS1 should be "on" :
> >
> > nsTLS1: on
> >
> > Thanks and regards,
> >
> > German.
> >
> >
> > ----- Original Message -----
> >> From: "ozikat" <ozikat12@xxxxxxxxx>
> >> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> >> Sent: Sunday, July 26, 2015 6:20:13 PM
> >> Subject:  PassSync to 389DS SSL Error: Peer reports
> >> incompatible or unsupported protocol version.
> >>
> >> Good day everyday,
> >>
> >> I came across the problem to connect from 389PassSync Version
> >> 1.1.6-x86_64 running on Windows 2008 R2 _to_ 389-DS version 1.2.11.15
> >> that running on Linux CentOS 6.6.
> >>
> >> Below is the error seen on /var/logs/dirdrv/slapd-xxx/access
> >>
> >> ### Access Log Start ###
> >>
> >> [26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from
> >> x.x.x.x to y.y.y.y
> >> [26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports
> >> incompatible or unsupported protocol version.
> >> [26/Jul/2015:15:47:45 +0000] conn=5 fd=65 slot=65 SSL connection from
> >> x.x.x.x to y.y.y.y
> >> [26/Jul/2015:15:47:45 +0000] conn=5 op=-1 fd=65 closed - Peer reports
> >> incompatible or unsupported protocol version.
> >> [26/Jul/2015:15:48:01 +0000] conn=6 fd=65 slot=65 SSL connection from
> >> x.x.x.x to y.y.y.y
> >> [26/Jul/2015:15:48:01 +0000] conn=6 op=-1 fd=65 closed - Peer reports
> >> incompatible or unsupported protocol version.
> >> [26/Jul/2015:15:49:15 +0000] conn=1 fd=64 slot=64 SSL connection from
> >> x.x.x.x to y.y.y.y
> >> [26/Jul/2015:15:49:15 +0000] conn=1 op=-1 fd=64 closed - Peer reports
> >> incompatible or unsupported protocol version.
> >>
> >> ### Access Log End ###
> >>
> >> I tried to connect using ldp.exe on Windows 2008 Server, it seems ok.
> >> Just that PassSync unable to communicate via the SSL connections from
> >> the server.
> >>
> >> ###### ldp.exe start #####
> >> ld = ldap_open("curry.noodle.com", 636);
> >> Established connection to curry.noodle.com.
> >> Retrieving base DSA information...
> >> Getting 1 entries:
> >> Dn: (RootDSE)
> >> dataversion: 020150726160257020150726160257;
> >> defaultnamingcontext: dc=noodle,dc=com;
> >> namingContexts (2): dc=noodle,dc=com; o=netscaperoot;
> >> netscapemdsuffix: cn=ldap://dc=curry,dc=noodle,dc=com:389;
> >> objectClass: top;
> >> supportedControl (21): 2.16.840.1.113730.3.4.2; 2.16.840.1.113730.3.4.3;
> >> 2.16.840.1.113730.3.4.4; 2.16.840.1.113730.3.4.5; 1.2.840.113556.1.4.473
> >> = ( SORT ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST );
> >> 2.16.840.1.113730.3.4.16; 2.16.840.1.113730.3.4.15;
> >> 2.16.840.1.113730.3.4.17; 2.16.840.1.113730.3.4.19;
> >> 1.3.6.1.4.1.42.2.27.8.5.1; 1.3.6.1.4.1.42.2.27.9.5.2;
> >> 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.3.6.1.4.1.42.2.27.9.5.8;
> >> 1.3.6.1.4.1.4203.666.5.16; 2.16.840.1.113730.3.4.14;
> >> 2.16.840.1.113730.3.4.20; 1.3.6.1.4.1.1466.29539.12;
> >> 2.16.840.1.113730.3.4.12; 2.16.840.1.113730.3.4.18;
> >> 2.16.840.1.113730.3.4.13;
> >> supportedExtension (14): 2.16.840.1.113730.3.5.7;
> >> 2.16.840.1.113730.3.5.8; 2.16.840.1.113730.3.5.3;
> >> 2.16.840.1.113730.3.5.12; 2.16.840.1.113730.3.5.5;
> >> 2.16.840.1.113730.3.5.6; 2.16.840.1.113730.3.5.9;
> >> 2.16.840.1.113730.3.5.4; 2.16.840.1.113730.3.6.5;
> >> 2.16.840.1.113730.3.6.6; 2.16.840.1.113730.3.6.7;
> >> 2.16.840.1.113730.3.6.8; 1.3.6.1.4.1.1466.20037 = ( START_TLS );
> >> 1.3.6.1.4.1.4203.1.11.1;
> >> supportedLDAPVersion (2): 2; 3;
> >> supportedSASLMechanisms (5): EXTERNAL; CRAM-MD5; DIGEST-MD5; ANONYMOUS;
> >> GSSAPI;
> >> vendorName: 389 Project;
> >> vendorVersion: 389-Directory/1.2.11.15 B2014.314.1342;
> >>
> >> -----------
> >> res = ldap_simple_bind_s(ld, 'cn=spicy,cn=config', <unavailable>); // v.3
> >> Authenticated as: 'cn=spicy,cn=config'.
> >> -----------
> >>
> >> ###### ldp.exe end #####
> >>
> >> Hopefully there are jedi in the rom can help ;)
> >>
> >> --
> >> Ozikat
> >> --
> >> 389 users mailing list
> >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> > --
> > 389 users mailing list
> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users