[389-users] PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.

Tue Jul 28 06:23:30 UTC 2015

Hi All,

No luck, have inserted nsTLS1: on

Can't work still. Still stay with PassSync 1.2.11.15

--
Paul Ooi

On 7/27/15 23:25, German Parente wrote:
> Hi Ozikat,
>
> please, send your feedback as possible.
>
> thanks and regards,
>
> German.
>
> ----- Original Message -----
>> From: "ozikat" <ozikat12 at gmail.com>
>> To: 389-users at lists.fedoraproject.org
>> Sent: Monday, July 27, 2015 4:43:16 PM
>> Subject: Re: [389-users] PassSync to 389DS SSL Error: Peer reports incompatible or unsupported protocol version.
>>
>> Hi German,
>>
>> I am using 389-DS-BASE 1.2.11.15-48.el6_6. I got it working when
>> installed PassSync 1.2.11.15 on the Windows 2008 R2 server.
>>
>> I will try to add nsTLS1 and see whether it works on 1.2.11.16
>>
>> Thank you.
>>
>> --
>> Ozikat
>>
>> On 7/27/15 18:31, German Parente wrote:
>>> Hi,
>>>
>>> Which is the version of 389-ds-base you are running ?
>>>
>>> By the way, have you enabled TLS on server side ?
>>>
>>> In entry:
>>>
>>> dn: cn=encryption,cn=config
>>>
>>> the attribute nsTLS1 should be "on" :
>>>
>>> nsTLS1: on
>>>
>>> Thanks and regards,
>>>
>>> German.
>>>
>>>
>>> ----- Original Message -----
>>>> From: "ozikat" <ozikat12 at gmail.com>
>>>> To: 389-users at lists.fedoraproject.org
>>>> Sent: Sunday, July 26, 2015 6:20:13 PM
>>>> Subject: [389-users] PassSync to 389DS SSL Error: Peer reports
>>>> incompatible or unsupported protocol version.
>>>>
>>>> Good day everyday,
>>>>
>>>> I came across the problem to connect from 389PassSync Version
>>>> 1.1.6-x86_64 running on Windows 2008 R2 _to_ 389-DS version 1.2.11.15
>>>> that running on Linux CentOS 6.6.
>>>>
>>>> Below is the error seen on /var/logs/dirdrv/slapd-xxx/access
>>>>
>>>> ### Access Log Start ###
>>>>
>>>> [26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from
>>>> x.x.x.x to y.y.y.y
>>>> [26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports
>>>> incompatible or unsupported protocol version.
>>>> [26/Jul/2015:15:47:45 +0000] conn=5 fd=65 slot=65 SSL connection from
>>>> x.x.x.x to y.y.y.y
>>>> [26/Jul/2015:15:47:45 +0000] conn=5 op=-1 fd=65 closed - Peer reports
>>>> incompatible or unsupported protocol version.
>>>> [26/Jul/2015:15:48:01 +0000] conn=6 fd=65 slot=65 SSL connection from
>>>> x.x.x.x to y.y.y.y
>>>> [26/Jul/2015:15:48:01 +0000] conn=6 op=-1 fd=65 closed - Peer reports
>>>> incompatible or unsupported protocol version.
>>>> [26/Jul/2015:15:49:15 +0000] conn=1 fd=64 slot=64 SSL connection from
>>>> x.x.x.x to y.y.y.y
>>>> [26/Jul/2015:15:49:15 +0000] conn=1 op=-1 fd=64 closed - Peer reports
>>>> incompatible or unsupported protocol version.
>>>>
>>>> ### Access Log End ###
>>>>
>>>> I tried to connect using ldp.exe on Windows 2008 Server, it seems ok.
>>>> Just that PassSync unable to communicate via the SSL connections from
>>>> the server.
>>>>
>>>> ###### ldp.exe start #####
>>>> ld = ldap_open("curry.noodle.com", 636);
>>>> Established connection to curry.noodle.com.
>>>> Retrieving base DSA information...
>>>> Getting 1 entries:
>>>> Dn: (RootDSE)
>>>> dataversion: 020150726160257020150726160257;
>>>> defaultnamingcontext: dc=noodle,dc=com;
>>>> namingContexts (2): dc=noodle,dc=com; o=netscaperoot;
>>>> netscapemdsuffix: cn=ldap://dc=curry,dc=noodle,dc=com:389;
>>>> objectClass: top;
>>>> supportedControl (21): 2.16.840.1.113730.3.4.2; 2.16.840.1.113730.3.4.3;
>>>> 2.16.840.1.113730.3.4.4; 2.16.840.1.113730.3.4.5; 1.2.840.113556.1.4.473
>>>> = ( SORT ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST );
>>>> 2.16.840.1.113730.3.4.16; 2.16.840.1.113730.3.4.15;
>>>> 2.16.840.1.113730.3.4.17; 2.16.840.1.113730.3.4.19;
>>>> 1.3.6.1.4.1.42.2.27.8.5.1; 1.3.6.1.4.1.42.2.27.9.5.2;
>>>> 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.3.6.1.4.1.42.2.27.9.5.8;
>>>> 1.3.6.1.4.1.4203.666.5.16; 2.16.840.1.113730.3.4.14;
>>>> 2.16.840.1.113730.3.4.20; 1.3.6.1.4.1.1466.29539.12;
>>>> 2.16.840.1.113730.3.4.12; 2.16.840.1.113730.3.4.18;
>>>> 2.16.840.1.113730.3.4.13;
>>>> supportedExtension (14): 2.16.840.1.113730.3.5.7;
>>>> 2.16.840.1.113730.3.5.8; 2.16.840.1.113730.3.5.3;
>>>> 2.16.840.1.113730.3.5.12; 2.16.840.1.113730.3.5.5;
>>>> 2.16.840.1.113730.3.5.6; 2.16.840.1.113730.3.5.9;
>>>> 2.16.840.1.113730.3.5.4; 2.16.840.1.113730.3.6.5;
>>>> 2.16.840.1.113730.3.6.6; 2.16.840.1.113730.3.6.7;
>>>> 2.16.840.1.113730.3.6.8; 1.3.6.1.4.1.1466.20037 = ( START_TLS );
>>>> 1.3.6.1.4.1.4203.1.11.1;
>>>> supportedLDAPVersion (2): 2; 3;
>>>> supportedSASLMechanisms (5): EXTERNAL; CRAM-MD5; DIGEST-MD5; ANONYMOUS;
>>>> GSSAPI;
>>>> vendorName: 389 Project;
>>>> vendorVersion: 389-Directory/1.2.11.15 B2014.314.1342;
>>>>
>>>> -----------
>>>> res = ldap_simple_bind_s(ld, 'cn=spicy,cn=config', <unavailable>); // v.3
>>>> Authenticated as: 'cn=spicy,cn=config'.
>>>> -----------
>>>>
>>>> ###### ldp.exe end #####
>>>>
>>>> Hopefully there are jedi in the rom can help ;)
>>>>
>>>> --
>>>> Ozikat
>>>> --
>>>> 389 users mailing list
>>>> 389-users at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>