How to specify SSL/TLS version on Java LDAP connec

2019-04-16 00:53发布

站内文章 / Java
22 0 0

问题:

Im working on an java LDAP-Client and I'm still missing some information or knowledge on how to do this properly.

My Code looks like this:

LdapContext ctx = null;
Hashtable<String, String> env = new Hashtable <String, String>();
try{
    env.clear();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "url");
    env.put(Context.SECURITY_PRINCIPAL, "user");
    env.put(Context.SECURITY_CREDENTIALS, "password");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put("java.naming.security.ssl.ciphers", "SSL_RSA_EXPORT_WITH_RC4_40_MD5");
    ctx = new InitialLdapContext(env, null);
} catch(NamingException nex) {
    // error handling
}

The following things happen at the moment:

  • When debugging the ssl connection I see that a TLSv1 Connection is getting established between my LDAP-Server and my programm.
  • I see the following for my client & server upon ssl handshake: *** ClientHello, TLSv1.2 and *** ServerHello, TLSv1

The things I'm missing right now:

  • I added a cipher to be included but I dont see it in the list of supported ciphers offered in my client's hello message
  • I did't specify that my client offers TLS1.2 in his hello message, where does that setting come from?
  • I would like to be able to determine myself if I want to use TLS or SSL and which version of either TLS or SSL is going to be used, how can I achieve that? (So I can for example only allow TLS 1.1 & 1.2)

回答1:

Scan you server first before wasting your time for stuff likely not work at all. use: https://github.com/rbsec/sslscan

It might be possible that your server support TLS 1.0 only.



回答2:

which java version do you use ? It seems that ldap server does not support TLSv1.2 you should specify dedicated ssl socket factory for ldap service.

env.put("java.naming.ldap.factory.socket", CustomTLSSSLSocketFactory.class.getName);

CustomTLSSSLSocketFactory extends SSSLSocketFactory {
public CustomTLSSSLSocketFactory() {
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init((KeyStore) null);
        TrustManager[] defaultTrustManagers = factory.getTrustManagers();

        // create the real socket factory
        SSLContext sc = SSLContext.getInstance("TLS"); //$NON-NLS-1$
        sc.init(null, defaultTrustManagers, null);
        delegate = sc.getSocketFactory();
    }
}


标签: java ssl ldap jndi
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~