directory-users mailing list archives

From Victor Medina <victor.med...@cibersys.com>
Subject Re: TLS Support
Date Tue, 09 Sep 2014 13:53:14 GMT
root@ldap001:/home/administrador# openssl s_client -connect localhost:10636
CONNECTED(00000003)
depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = US, O = ASF, OU = Directory, CN = ldap001.test.local
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/O=ASF/OU=Directory/CN=ldap001.test.local
   i:/C=US/O=ASF/OU=Directory/CN=ApacheDS
---
Server certificate
subject=/C=US/O=ASF/OU=Directory/CN=ldap001.test.local
issuer=/C=US/O=ASF/OU=Directory/CN=ApacheDS
---
No client certificate CA names sent
---
SSL handshake has read 837 bytes and written 567 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 512 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 540F05BAF680AD3AF54796DA292A8EDCCADDE28677AE541EA4772A81DBA04B08
    Session-ID-ctx:
    Master-Key: 981A10E4F208E3F003B91C9F5E67230DCB64A50876E680F0A04FD597622B6011820083B6F7F0D7A64D8FC69CFEFC3205
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1410270650
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

It seems very strong to me. I was checking whether it supported GCM, which
seems faster.

2014-09-09 9:10 GMT-04:30 Victor Medina <victor.medina@cibersys.com>:

> so...
>
> Where can I find a list of valid values for TLS Cipher suite?
> ads-enabledCipherSuites
>
> 2014-09-09 8:58 GMT-04:30 Emmanuel Lécharny <elecharny@gmail.com>:
>
> On 09/09/14 14:05, Kiran Ayyagari wrote:
>> > On Tue, Sep 9, 2014 at 5:35 PM, Victor Medina <
>> victor.medina@cibersys.com>
>> > wrote:
>> >
>> >> But I believe it uses bouncy castle right?
>> >>
>> >> yes
>>
>> Not anymore for that purpose. We only use the X509 utility classes from
>> BC. Everything else is handled by the default Java security classes.
>>
>>
>
>
> --
>
> Víctor E. Medina M.
> Software
> +58424 291 4561
> BB #79A8AFA2 /@VMCibersys
>
>


-- 

Víctor E. Medina M.
Software
+58424 291 4561
BB #79A8AFA2 /@VMCibersys
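
An added example, not part of the original message or of ApacheDS: a Python check that reads the summary fields of the `openssl s_client` output quoted above and reports the settings a reviewer would look at first (server key size, cipher mode, chain verification). The 2048-bit RSA minimum, the AEAD name markers and the function names are assumptions of this example.

```python
import re

# Constructed sample: summary lines copied from the s_client output in the message.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 512 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Verify return code: 21 (unable to verify the first certificate)
"""

MIN_RSA_BITS = 2048                        # assumption: minimum RSA modulus accepted
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # assumption: AEAD suites carry one of these
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
FIELDS = {
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "key_bits": r"^Server public key is (\d+) bit",
    "verify_code": r"^\s*Verify return code:\s*(\d+)",
}

def parse_s_client(text):
    """Return the negotiated parameters; a field missing from the output is None."""
    info = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        value = m.group(1) if m else None
        info[name] = int(value) if value and value.isdigit() else value
    return info

def findings(info):
    """List the settings that fall below the assumed baseline."""
    out = []
    cipher = info["cipher"] or ""
    # Key size is compared only for RSA-authenticated suites; EC keys are much shorter.
    if "RSA" in cipher and info["key_bits"] is not None and info["key_bits"] < MIN_RSA_BITS:
        out.append(f"server RSA key is {info['key_bits']} bit, below {MIN_RSA_BITS}")
    if cipher and not any(marker in cipher for marker in AEAD_MARKERS):
        out.append(f"{cipher} is not an AEAD suite")
    if info["protocol"] in OLD_PROTOCOLS:
        out.append(f"protocol {info['protocol']} is deprecated")
    if info["verify_code"] not in (0, None):
        out.append(f"certificate chain not verified (code {info['verify_code']})")
    return out

if __name__ == "__main__":
    for line in findings(parse_s_client(SAMPLE)):
        print(line)
```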
