Hello everyone, I'm trying to configure an LDAP generic driver to connect using TLS to an OID LDAP directory. So I included the trusted certificate in the keystore of the directory and set the SSL connection in the driver. Now, when I start the driver, I get this error:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Which is pretty clear: the handshake for the TLS connection is failing. A pretty hard error to debug, I think. So I executed several commands to gather information about the error. Here is what I've got so far:
1. The eDirectory uses OpenSSL 1.0.2, which has at least one cipher that the OID accepts.
2. In the attachments, I uploaded the ciphers that the OID accepts.
3. With the openssl tool I tried one of those ciphers that both servers had in common, and the connection is successful.
4. ndstrace shows this error:
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown - SSL alert number 46
But the solution I found from other people who posted the same error is to import the trusted certificate into the keystore, a step that I already did (and the certificate is tested by the client that sent me the email).
So after more research, I came to the conclusion that I need to debug the TLS handshake to see which cipher is selected by IDM that generates the error in the connection. But here I have an issue: I found that if in Java I set the property Djavax.net.debug I can debug this process, and I know that eDirectory uses Java, but I don't know where to set this property or which log to consume. The other thing that maybe can help me is knowing how to do this with ndstrace.
Waiting for your comments. Thanks in advance for your help!
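
An added example, not part of the original post: the Java exception and the ndstrace line quoted above each name a TLS alert, and this Python decodes both so they can be compared. It assumes the OpenSSL 1.0.x error-code layout (8-bit library, 12-bit function, 12-bit reason) and that a reason of 1000 plus N means alert N was received from the peer; the function names are illustrative.

```python
import re

# TLS alert numbers (RFC 5246, section 7.2.2), handshake-related subset.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 70: "protocol_version"}
ALERT_BY_NAME = {name: num for num, name in TLS_ALERTS.items()}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason 1000+N means alert N was received

OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):")
JAVA_ALERT = re.compile(r"Received fatal alert: (\w+)")


def decode_openssl_error(line):
    """Unpack an OpenSSL 1.0.x error code (assumed layout: lib 8 bits, func 12, reason 12)."""
    m = OPENSSL_ERR.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    reason = code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET if reason >= SSL_AD_REASON_OFFSET else None
    return {"lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": reason,
            "alert": alert, "alert_name": TLS_ALERTS.get(alert)}


def decode_java_alert(line):
    """Map the alert name in a JSSE 'Received fatal alert' message to its number."""
    m = JAVA_ALERT.search(line)
    return ALERT_BY_NAME.get(m.group(1)) if m else None


def same_failure(java_line, openssl_line):
    """True only when both log lines report the same TLS alert."""
    java_alert = decode_java_alert(java_line)
    ossl = decode_openssl_error(openssl_line)
    return java_alert is not None and ossl is not None and java_alert == ossl["alert"]


# The two messages quoted in the post above.
JAVA_LINE = "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"
NDSTRACE_LINE = ("error:14094416:SSL routines:ssl3_read_bytes:"
                 "sslv3 alert certificate unknown - SSL alert number 46")

if __name__ == "__main__":
    print(decode_java_alert(JAVA_LINE), decode_openssl_error(NDSTRACE_LINE))
    print("same alert:", same_failure(JAVA_LINE, NDSTRACE_LINE))
```

The two lines decode to different alerts: 40 (handshake_failure, no acceptable set of security parameters could be negotiated) and 46 (certificate_unknown, an unspecified problem processing a certificate).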