directory-users mailing list archives

From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: ADS 2.0.0 and TLS
Date Fri, 06 Feb 2015 21:48:26 GMT
On 06/02/15 15:41, John Strockmeyer wrote:
> Hello. I have several questions on the topic of TLS in ApacheDS 2.0.0-M18:
>
> 1. Does ADS support TLS 1.1 and TLS 1.2 over ldaps?
Yes.
>
> 2. I noticed that class
> org.apache.directory.server.protocol.shared.transport.TcpTransport
> has setEnableSSL and enableSSL functions. Is there a need for two
> functions? Should I be using both of them, or just a specific one would be
> enough?
No idea why those two methods exist together, while only one is
necessary.
>
> 3. I know that I can use JNDI API in an ldap client via ldaps, but is it
> possible to also use it via StartTLS? Do I need to use "ssl" or "tls" for
> Context.SECURITY_PROTOCOL?
First, LDAPS is considered deprecated. You should always use the
startTLS extended operation instead.

Second, you would make your life less painful by using the Apache LDAP
API instead of JNDI.

>
> 4. When using JNDI client, should javax.naming.ldap.StartTlsResponse be
> used after instantiating InitialLdapContext?
I don't remember. I have not used JNDI for years ...
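
For questions 3 and 4, an added example (not part of the original message and not ApacheDS project code) of StartTLS from a JNDI client using the standard `javax.naming.ldap` classes: the context is opened on a plain `ldap://` URL without `Context.SECURITY_PROTOCOL`, TLS is negotiated through `StartTlsRequest`/`StartTlsResponse`, and credentials are added only afterwards. The URL, bind DN and the `LDAP_BIND_PASSWORD` environment variable are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

public class JndiStartTlsExample {
    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions): replace with your server and bind DN.
        String url = args.length > 0 ? args[0] : "ldap://ldap.example.com:10389";
        String bindDn = args.length > 1 ? args[1] : "uid=admin,ou=system";
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null) throw new IllegalStateException("set LDAP_BIND_PASSWORD");

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Plain ldap:// URL and no Context.SECURITY_PROTOCOL ("ssl" selects LDAPS).
        env.put(Context.PROVIDER_URL, url);
        // No credentials in env yet, so none are sent before the channel is encrypted.

        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // StartTlsResponse is obtained from the already-created context.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // negotiate() runs the handshake with the default SSLSocketFactory and
            // checks the server certificate against the host name in the URL.
            SSLSession session = tls.negotiate();
            String proto = session.getProtocol();
            if (!proto.equals("TLSv1.2") && !proto.equals("TLSv1.3")) {
                throw new NamingException("refusing weak protocol: " + proto);
            }
            // Add credentials only now; the next operation binds over TLS.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.getAttributes(""); // reads the root DSE as the bound user
            System.out.println("Bound over " + proto + " / " + session.getCipherSuite());
        } finally {
            if (tls != null) tls.close(); // shuts down TLS before the context closes
            ctx.close();
        }
    }
}
```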

