Re: PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.

Hi Paul,

Sorry for the delay in the answer.

Our senior engineers have analyzed your problem. In fact, PassSync 1.1.6 is using TLSv1.1.

The first version of 389-ds-base in RHEL6 using this protocol is release 60, recently delivered, corresponding to RHEL6.7.

An article has been written by the experts, which will be published soon in our knowledge base, describing this issue.

Regards,

German. 


> On Jul 28, 2015, at 8:23, ozikat <ozikat12@xxxxxxxxx> wrote:
> 
> Hi All,
> 
> No luck, have inserted nsTLS1: on
> 
> Can't work still. Still stay with PassSync 1.2.11.15
> 
> --
> Paul Ooi
> 
> 
> 
>> On 7/27/15 23:25, German Parente wrote:
>> Hi Ozikat,
>> 
>> please, send your feedback as possible.
>> 
>> thanks and regards,
>> 
>> German.
>> 
>> ----- Original Message -----
>>> From: "ozikat" <ozikat12@xxxxxxxxx>
>>> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> Sent: Monday, July 27, 2015 4:43:16 PM
>>> Subject: Re:  PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.
>>> 
>>> Hi German,
>>> 
>>> I am using 389-DS-BASE 1.2.11.15-48.el6_6. I got it working when
>>> installed PassSync 1.2.11.15 on the Windows 2008 R2 server.
>>> 
>>> I will try to add nsTLS1 and see whether it works on 1.2.11.16
>>> 
>>> Thank you.
>>> 
>>> --
>>> Ozikat
>>> 
>>>> On 7/27/15 18:31, German Parente wrote:
>>>> Hi,
>>>> 
>>>> Which is the version of 389-ds-base you are running ?
>>>> 
>>>> By the way, have you enabled TLS on server side ?
>>>> 
>>>> In entry:
>>>> 
>>>> dn: cn=encryption,cn=config
>>>> 
>>>> the attribute nsTLS1 should be "on" :
>>>> 
>>>> nsTLS1: on
>>>> 
>>>> Thanks and regards,
>>>> 
>>>> German.
>>>> 
>>>> 
>>>> ----- Original Message -----
>>>>> From: "ozikat" <ozikat12@xxxxxxxxx>
>>>>> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Sent: Sunday, July 26, 2015 6:20:13 PM
>>>>> Subject:  PassSync to 389DS SSL Error: Peer reports
>>>>> incompatible or unsupported protocol version.
>>>>> 
>>>>> Good day everybody,
>>>>> 
>>>>> I came across the problem to connect from 389PassSync Version
>>>>> 1.1.6-x86_64 running on Windows 2008 R2 _to_ 389-DS version 1.2.11.15
>>>>> that is running on Linux CentOS 6.6.
>>>>> 
>>>>> Below is the error seen on /var/logs/dirdrv/slapd-xxx/access
>>>>> 
>>>>> ### Access Log Start ###
>>>>> 
>>>>> [26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from
>>>>> x.x.x.x to y.y.y.y
>>>>> [26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports
>>>>> incompatible or unsupported protocol version.
>>>>> [26/Jul/2015:15:47:45 +0000] conn=5 fd=65 slot=65 SSL connection from
>>>>> x.x.x.x to y.y.y.y
>>>>> [26/Jul/2015:15:47:45 +0000] conn=5 op=-1 fd=65 closed - Peer reports
>>>>> incompatible or unsupported protocol version.
>>>>> [26/Jul/2015:15:48:01 +0000] conn=6 fd=65 slot=65 SSL connection from
>>>>> x.x.x.x to y.y.y.y
>>>>> [26/Jul/2015:15:48:01 +0000] conn=6 op=-1 fd=65 closed - Peer reports
>>>>> incompatible or unsupported protocol version.
>>>>> [26/Jul/2015:15:49:15 +0000] conn=1 fd=64 slot=64 SSL connection from
>>>>> x.x.x.x to y.y.y.y
>>>>> [26/Jul/2015:15:49:15 +0000] conn=1 op=-1 fd=64 closed - Peer reports
>>>>> incompatible or unsupported protocol version.
>>>>> 
>>>>> ### Access Log End ###
>>>>> 
>>>>> I tried to connect using ldp.exe on Windows 2008 Server, it seems ok.
>>>>> Just that PassSync is unable to communicate via the SSL connections from
>>>>> the server.
>>>>> 
>>>>> ###### ldp.exe start #####
>>>>> ld = ldap_open("curry.noodle.com", 636);
>>>>> Established connection to curry.noodle.com.
>>>>> Retrieving base DSA information...
>>>>> Getting 1 entries:
>>>>> Dn: (RootDSE)
>>>>> dataversion: 020150726160257020150726160257;
>>>>> defaultnamingcontext: dc=noodle,dc=com;
>>>>> namingContexts (2): dc=noodle,dc=com; o=netscaperoot;
>>>>> netscapemdsuffix: cn=ldap://dc=curry,dc=noodle,dc=com:389;
>>>>> objectClass: top;
>>>>> supportedControl (21): 2.16.840.1.113730.3.4.2; 2.16.840.1.113730.3.4.3;
>>>>> 2.16.840.1.113730.3.4.4; 2.16.840.1.113730.3.4.5; 1.2.840.113556.1.4.473
>>>>> = ( SORT ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST );
>>>>> 2.16.840.1.113730.3.4.16; 2.16.840.1.113730.3.4.15;
>>>>> 2.16.840.1.113730.3.4.17; 2.16.840.1.113730.3.4.19;
>>>>> 1.3.6.1.4.1.42.2.27.8.5.1; 1.3.6.1.4.1.42.2.27.9.5.2;
>>>>> 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.3.6.1.4.1.42.2.27.9.5.8;
>>>>> 1.3.6.1.4.1.4203.666.5.16; 2.16.840.1.113730.3.4.14;
>>>>> 2.16.840.1.113730.3.4.20; 1.3.6.1.4.1.1466.29539.12;
>>>>> 2.16.840.1.113730.3.4.12; 2.16.840.1.113730.3.4.18;
>>>>> 2.16.840.1.113730.3.4.13;
>>>>> supportedExtension (14): 2.16.840.1.113730.3.5.7;
>>>>> 2.16.840.1.113730.3.5.8; 2.16.840.1.113730.3.5.3;
>>>>> 2.16.840.1.113730.3.5.12; 2.16.840.1.113730.3.5.5;
>>>>> 2.16.840.1.113730.3.5.6; 2.16.840.1.113730.3.5.9;
>>>>> 2.16.840.1.113730.3.5.4; 2.16.840.1.113730.3.6.5;
>>>>> 2.16.840.1.113730.3.6.6; 2.16.840.1.113730.3.6.7;
>>>>> 2.16.840.1.113730.3.6.8; 1.3.6.1.4.1.1466.20037 = ( START_TLS );
>>>>> 1.3.6.1.4.1.4203.1.11.1;
>>>>> supportedLDAPVersion (2): 2; 3;
>>>>> supportedSASLMechanisms (5): EXTERNAL; CRAM-MD5; DIGEST-MD5; ANONYMOUS;
>>>>> GSSAPI;
>>>>> vendorName: 389 Project;
>>>>> vendorVersion: 389-Directory/1.2.11.15 B2014.314.1342;
>>>>> 
>>>>> -----------
>>>>> res = ldap_simple_bind_s(ld, 'cn=spicy,cn=config', <unavailable>); // v.3
>>>>> Authenticated as: 'cn=spicy,cn=config'.
>>>>> -----------
>>>>> 
>>>>> ###### ldp.exe end #####
>>>>> 
>>>>> Hopefully there are jedi in the room who can help ;)
>>>>> 
>>>>> --
>>>>> Ozikat
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
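An added example, not part of the thread and not 389 Directory Server code: a Python parser that pairs each `SSL connection from` record in an access log with its `closed - ...` record and counts, per client, the connections that ended before any LDAP operation (`op=-1`) with the protocol-version error quoted in the original post. The sample log is constructed in the format shown in the thread (the addresses are documentation placeholders), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the access-log format quoted in the thread
# (192.0.2.x and 198.51.100.x are documentation addresses, not from the page).
SAMPLE_LOG = """\
[26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from 192.0.2.10 to 198.51.100.5
[26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports incompatible or unsupported protocol version.
[26/Jul/2015:15:47:40 +0000] conn=5 fd=66 slot=66 SSL connection from 192.0.2.20 to 198.51.100.5
[26/Jul/2015:15:47:40 +0000] conn=5 op=0 BIND dn="cn=example,cn=config" method=128 version=3
[26/Jul/2015:15:47:41 +0000] conn=5 op=1 fd=66 closed - U1
[26/Jul/2015:15:47:45 +0000] conn=6 fd=65 slot=65 SSL connection from 192.0.2.10 to 198.51.100.5
[26/Jul/2015:15:47:45 +0000] conn=6 op=-1 fd=65 closed - Peer reports incompatible or unsupported protocol version.
"""

OPEN_RE = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) fd=\d+ slot=\d+ "
                     r"(?P<ssl>SSL )?connection from (?P<src>\S+) to \S+")
CLOSE_RE = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) "
                      r"fd=\d+ closed - (?P<reason>.+)$")
MISMATCH = "incompatible or unsupported protocol version"

def unwrap(text):
    """Re-join records that a mail client wrapped; a record starts with '['."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def tls_version_failures(text):
    """Count, per client address, SSL connections closed with op=-1 (no LDAP
    operation was ever processed) and the protocol-version mismatch reason."""
    peers = {}            # conn id -> client address (None for non-SSL)
    failures = Counter()
    for rec in unwrap(text):
        opened = OPEN_RE.match(rec)
        closed = CLOSE_RE.match(rec)
        if opened:
            # conn ids restart after a server restart, so always overwrite
            peers[opened["conn"]] = opened["src"] if opened["ssl"] else None
        elif closed:
            src = peers.pop(closed["conn"], None)
            if src and closed["op"] == "-1" and MISMATCH in closed["reason"]:
                failures[src] += 1
    return failures
```

A client that appears only in this counter and never reaches a BIND is failing at the TLS handshake, which matches the ldp.exe-works, PassSync-fails pattern reported in the thread.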