Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence LDAPs - javax.net.ssl.SSLHandshakeException | How to Setup TLSv1 for LDAP Access ?

dennis_schneck
dennis_schneck November 20, 2019

 

Hello,

wanna Upgrade to Confluence 7.1.0 from 6.15.x.
Build a clone to check.
But the LDAPs connection to MS Active Directory did not work.

Got this error:

nested exception is javax.naming.CommunicationException: adserver.domain:tld [Root exception is javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12, TLS11]]

 

Using OpenJDK 11
The Active Directory did only use TLSv1
How to setup that LDAPs connection work with TLSv1

 

Tryed:  in JDK Dircertoy: conf/security/java.security

jdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"

But this did not work.

 

Answer
Watch
Like # people like this
6242 views

8 answers

1 vote
dennis_schneck
dennis_schneck October 5, 2021

 

Hi Tommy,

in ../bin/setenv.sh

CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"

 

Hope this helps

 

ensure that you have the needed CAs in the file

../jre/lib/security/cacerts

Reply
0 votes
dennis_schneck
dennis_schneck May 14, 2020

sorry my fail - forgot the cacertfile in the new jdk!

 

It work for me !

  thanks a lot !

View More Comments
Barath Bandaru
Barath Bandaru
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 4, 2021

i am getting similar error , can you let me know what you have done

Like
Reply
0 votes
dennis_schneck
dennis_schneck May 14, 2020

In Admin Panel I got this error if test connection:

Grundlegende Verbindung testen : Fehlgeschlagen srv01.domain.tld:636; nested exception is javax.naming.CommunicationException: srv01.domain.tld:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Reply
0 votes
dennis_schneck
dennis_schneck May 14, 2020

@Benjamin Heublein 

Did you mean only change the ../bin/setenv.sh

CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"

did not work me - login fail

 

2020-05-14 09:14:48,833 ERROR [https-jsse-nio-8191-exec-21] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'LDAP-Server' is not functional during authentication of 'myuser1'. Skipped.

Reply
0 votes
tamarayee
tamarayee May 7, 2020 edited

Even though my Windows server isn't 2008 (it's 2012 R2), adding server support for TLS 1.2 in the registry fixed it for me:

https://support.quovadisglobal.com/kb/a433/how-to-enable-tls-1_2-on-windows-server-2008-r2.aspx

View More Comments
tamarayee
tamarayee May 7, 2020

I was wrong. It helped, but my problem is not all the way fixed.

Like
Reply
0 votes
Benjamin Heublein
Benjamin Heublein
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 24, 2020 edited

I had the same probleme with confluence 7.4.0 connecting to jira 8.5.4 with adoptjdk 11

I reenabled tls V1 by changing  the following line in setenv.sh:

CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"

 

to

CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"

That worked for me but doesn't feel good.

View More Comments
Benjamin Heublein
Benjamin Heublein
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 7, 2020

Our Problem was that the Apache proxy was still using the unsecure TLSv1.

After reconfiguring our proxy to use just the newer tls versions, the above modification wan't necassary anymore

Like
Reply
0 votes
Software-Admin
Software-Admin
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 28, 2019

Same here, worked before with 7.0.2, now with 7.2.0 it doesn't.

Reply
0 votes
Tommy van Extel
Tommy van Extel December 2, 2019

Same here, trying to connect Confluence 7.1.0 to Jira 8.5.1 and getting the TLS error with AdoptOpenJDK 11

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Upcoming Confluence Events