Im working on an java LDAP-Client and I'm still missing some information or knowledge on how to do this properly.
My Code looks like this:
LdapContext ctx = null;
Hashtable env = new Hashtable ();
try{
env.clear();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "url");
env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("java.naming.security.ssl.ciphers", "SSL_RSA_EXPORT_WITH_RC4_40_MD5");
ctx = new InitialLdapContext(env, null);
} catch(NamingException nex) {
// error handling
}
The following things happen at the moment:
When debugging the ssl connection I see that a TLSv1 Connection is getting established between my LDAP-Server and my programm.
I see the following for my client & server upon ssl handshake: *** ClientHello, TLSv1.2 and *** ServerHello, TLSv1
The things I'm missing right now:
I added a cipher to be included but I dont see it in the list of supported ciphers offered in my client's hello message
I did't specify that my client offers TLS1.2 in his hello message, where does that setting come from?
I would like to be able to determine myself if I want to use TLS or SSL and which version of either TLS or SSL is going to be used, how can I achieve that? (So I can for example only allow TLS 1.1 & 1.2)
解决方案
Scan you server first before wasting your time for stuff likely not work at all. use: https://github.com/rbsec/sslscan
It might be possible that your server support TLS 1.0 only.
扫一扫
1221
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
