OpenDJ / OPENDJ-1892

Backport OPENDJ-1842: Using SSL with JMX doesn't work

    Details

      Description

      While you can configure the JMX connection handler to use SSL, it does not appear to work correctly.

      jconsole cannot connect over SSL, and its fallback of using plaintext also fails.

      Pointing openssl s_client at the port shows:

      $ openssl s_client -connect localhost:1689 -showcerts -tls1
      CONNECTED(00000003)
      140735216522064:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:615:
      ---
      no peer certificate available
      ---
      No client certificate CA names sent
      ---
      SSL handshake has read 0 bytes and written 0 bytes
      ---
      New, (NONE), Cipher is (NONE)
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      SSL-Session:
          Protocol  : TLSv1
          Cipher    : 0000
          Session-ID: 
          Session-ID-ctx: 
          Master-Key: 
          Key-Arg   : None
          PSK identity: None
          PSK identity hint: None
          SRP username: None
          Start Time: 1424447809
          Timeout   : 7200 (sec)
          Verify return code: 0 (ok)
      ---
      

      You get the same behaviour even if you force the certificate nickname in the JMX connection handler to the LDAPS cert.

              People

              • Assignee: patrick diligent (patrickdiligent)
              • Reporter: Chris Ridd (cjr)
              • QA Assignee: Ondrej Fuchsik
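Added example (not part of the original report or of OpenDJ's code): the s_client transcript in the description ends with `Verify return code: 0 (ok)` even though no handshake took place, so a health check that looks only at that line would pass on a broken listener. The Python sketch below classifies s_client output by the handshake indicators visible in the transcript instead; the function names and the healthy sample are constructed for illustration.

```python
import re

# Lines taken from the s_client output quoted in the report (abbreviated).
FAILED = """CONNECTED(00000003)
140735216522064:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:615:
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
    Verify return code: 0 (ok)
"""

# Constructed sample of a listener that does complete the handshake.
HEALTHY = """CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=example.invalid
---
SSL handshake has read 1432 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Verify return code: 0 (ok)
"""

def naive_check(output):
    """The misleading check: passes on the failed transcript too."""
    return "Verify return code: 0 (ok)" in output

def handshake_findings(output):
    """Return the reasons the handshake did not complete (empty list = OK)."""
    findings = []
    if re.search(r":error:[0-9A-Fa-f]+:SSL routines:", output):
        findings.append("OpenSSL error queue entry")
    if "no peer certificate available" in output:
        findings.append("no peer certificate")
    m = re.search(r"SSL handshake has read (\d+) bytes", output)
    if m is None or int(m.group(1)) == 0:
        findings.append("no handshake bytes read from server")
    m = re.search(r"Cipher is (\S+)", output)
    if m is None or m.group(1) == "(NONE)":
        findings.append("no cipher negotiated")
    return findings

if __name__ == "__main__":
    for name, sample in (("failed", FAILED), ("healthy", HEALTHY)):
        print(name, naive_check(sample), handshake_findings(sample))
```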