LDAP over TLS?

zstarman · November 10, 2014, 7:04pm

Hi, with the recent discovery of POODLE, we are disabling SSLv3 in our LDAP servers.

OpenFire is the only problem we are having with finishing this.

When I remove SSLv3 and SSLv2 from the LDAP and leave only TLS1, 1.1 and 1.2 I get this error in the LDAP:

“[10/Nov/2014:13:54:25 -0500] DISCONNECT conn=43975 reason=“I/O Error” msg=“An IO error occurred while reading a request from the client: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled””

Is there any way to use LDAPS with TLS instead of SSL? It’s strange openfire is setup to use SSLv2…Would it be in the server properties file somewhere?

Do the new updates support this?

Thank you…

zstarman · November 10, 2014, 7:15pm

I guess I can answer my own question.

I was running an older version of OpenFire, 3.8.x.

I updated to the ldatest, 3.9.1 (I think) and LDAPS over TLS is working fine now.

If anyone is having this issue, just update openfire, thanks.

Michael_Kesper · November 11, 2014, 8:19am

How did you configure openfire to use LDAP with TLS? Was it enough to check “use ssl” in advanced settings?

zstarman · November 12, 2014, 2:43pm

Yeah that’s all I needed to do.