intoolswetrust / ldap-server

Simple in-memory LDAP server for testing purposes - single JAR based on ApacheDS
Apache License 2.0

TransportContext.java:352|Fatal (HANDSHAKE_FAILURE): no cipher suites in common ( "throwable" #66

Closed steep8 closed 1 month ago

steep8 commented 4 months ago

Tried to run ldaps on Ubuntu but it does not work; ldap is ok.

Environment:
OS: Ubuntu 22.04.1
OS name: "linux", version: "6.5.0-28-generic", arch: "amd64", family: "unix"
ldap-server version: v.1.0.0
openjdk 11.0.22
Apache Maven 3.6.3

Steps:

  1. Create key store: keytool -validity 365 -genkey -alias lda-example -keyalg RSA -keystore ../ldap-ad-it/keystore/ldap.example.keystore -storepass 1Q2w3e4r -keypass 1Q2w3e4r -dname cn=ldap.example
  2. Run server: java -Djavax.net.debug=all -jar target/ldap-server.jar -sp 10636 -skf ../ldap-ad-it/keystore/ldap.example.keystore -skp 1Q2w3e4r
  3. Run client: LDAPTLS_REQCERT=never ldapsearch -H ldaps://ldap.example:10636 -x -b "ou=users,dc=ldap,dc=example" -D "uid=admin,ou=system" -w secret

Expected result: some data from ldap request

Actual Result: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Attached you can find ldap server log:

HANDSHAKE_FAILURE.txt

glmcz commented 1 month ago

Hi

I was able to reproduce your issue. So far I think that the problem is not with the server, because I used jExplorer and I was able to connect and search for information from the server. I guess the problem was with certificates. We should define CA as localhost and then it works.

So the client should have only generated the certificate from the server's key pair stored in the JKS keystore. That is it. It is so simple, that it is hard to get it :D

btw. -Djavax.net.debug=all gives me only bad clues...

steep8 commented 1 month ago

> So far I think that the problem is not with the server.

Right

> I guess that problem was with certificates. We should define CA as localhost and then it works.

Thanks. I regenerated the certificates and ldaps works ok after that. The problem was in the certificates.
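Added example (not from this issue or the ldap-server project) of the regenerated-certificate setup the thread ends on: a keystore whose certificate names the server host in both CN and SAN, the certificate exported in PEM form, and the ldapsearch call verifying it instead of using LDAPTLS_REQCERT=never. It assumes keytool and openssl are installed, that ldap.example resolves to the server, and that port 10636 is used as in the issue; the store password is a constructed placeholder.

```shell
#!/bin/sh
# Example script (not part of the ldap-server project). Assumes keytool (JDK)
# and openssl are on PATH and "ldap.example" resolves to the LDAP host.
set -eu

HOST="${HOST:-ldap.example}"
KEYSTORE="${KEYSTORE:-ldap.example.keystore}"
STOREPASS="${STOREPASS:-changeit}"   # constructed placeholder password
PORT="${PORT:-10636}"

# Generate a self-signed RSA key pair whose CN and SAN both name the host.
# Clients check the SAN; a CN alone is not enough for hostname verification.
gen_keystore() {
  host="$1"; keystore="$2"; pass="$3"
  keytool -genkeypair -alias "$host" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$host" -ext "SAN=dns:$host" \
    -keystore "$keystore" -storetype JKS -storepass "$pass" -keypass "$pass" \
    >/dev/null 2>&1
}

# Export the public certificate as PEM so the client can trust it explicitly.
export_cert() {
  host="$1"; keystore="$2"; pass="$3"; out="$4"
  keytool -exportcert -rfc -alias "$host" -keystore "$keystore" \
    -storepass "$pass" -file "$out" >/dev/null 2>&1
}

# Return 0 if the PEM certificate lists the host as a DNS SAN, 1 otherwise.
cert_names_host() {
  pem="$1"; host="$2"
  openssl x509 -in "$pem" -noout -text 2>/dev/null | grep -q "DNS:$host"
}

# Client side: trust the exported certificate and demand verification,
# instead of disabling it with LDAPTLS_REQCERT=never.
search_with_verify() {
  pem="$1"; host="$2"; port="$3"
  LDAPTLS_CACERT="$pem" LDAPTLS_REQCERT=demand \
    ldapsearch -H "ldaps://$host:$port" -x -b "ou=users,dc=ldap,dc=example" \
      -D "uid=admin,ou=system" -w secret
}

# Run end to end with: sh this_script.sh run   (server must be up with -skf/-skp)
if [ "${1:-}" = "run" ]; then
  gen_keystore "$HOST" "$KEYSTORE" "$STOREPASS"
  export_cert "$HOST" "$KEYSTORE" "$STOREPASS" "$HOST.pem"
  cert_names_host "$HOST.pem" "$HOST" || { echo "cert does not name $HOST"; exit 1; }
  search_with_verify "$HOST.pem" "$HOST" "$PORT"
fi
```

Start the server with `-skf` pointing at the generated keystore and `-skp` set to the same password before running the script with `run`.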