Message-ID: <54D536AA.7030103@gmail.com>
Date: Fri, 06 Feb 2015 22:48:26 +0100
From: Emmanuel Lécharny
To: users@directory.apache.org
Subject: Re: ADS 2.0.0 and TLS

On 06/02/15 15:41, John Strockmeyer wrote:
> Hello. I have several questions on the topic of TLS in ApacheDS 2.0.0-M18:
>
> 1. Does ADS support TLS 1.1 and TLS 1.2 over ldaps?

Yes.

>
> 2. I noticed that class
> org.apache.directory.server.protocol.shared.transport.*TcpTransport* class
> has *setEnableSSL* and *enableSSL* functions. Is there a need for two
> functions? Should I be using both of them, or just a specific one would be
> enough?

No idea why those two methods exist together, when only one is necessary.

>
> 3. I know that I can use JNDI API in an ldap client via ldaps, but is it
> possible to also use it via StartTLS? Do I need to use "ssl" or "tls" for
> Context.SECURITY_PROTOCOL?

First, LDAPS is considered deprecated. You should always use the startTLS extended operation instead.

Second, you would make your life less painful by using the Apache LDAP API instead of JNDI.

>
> 4. When using JNDI client, should javax.naming.ldap.*StartTlsResponse* be
> used after instantiating InitialLdapContext?

I don't remember. I have not used JNDI for years ...
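
For questions 3 and 4 above, an added example (not part of the original thread and not ApacheDS project code) of StartTLS from a JNDI client using the standard JDK classes. The URL, port and bind DN are placeholder assumptions, and the TLS version check is an added policy choice.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

public class JndiStartTlsExample {
    public static void main(String[] args) throws Exception {
        // Assumed placeholders: replace with your own server and account.
        String url = "ldap://ldap.example.com:10389"; // plain LDAP port, not the LDAPS one
        String bindDn = "uid=admin,ou=system";
        if (System.console() == null) {
            throw new IllegalStateException("Run from a terminal to enter the password");
        }
        char[] password = System.console().readPassword("Bind password: ");

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Context.SECURITY_PROTOCOL is left unset: "ssl" selects LDAPS, not StartTLS.
        // No credentials are set yet, so no bind password crosses the wire in clear.

        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // StartTLS is an extended operation sent on the already open connection.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // negotiate() runs the handshake with the JVM default socket factory
            // and trust store and checks the server hostname against its certificate.
            SSLSession session = tls.negotiate();
            String proto = session.getProtocol();
            if (!proto.equals("TLSv1.2") && !proto.equals("TLSv1.3")) {
                throw new IllegalStateException("Refusing TLS session using " + proto);
            }
            // Only now add credentials; the next operation binds over the TLS session.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            System.out.println(proto + " / " + session.getCipherSuite());
            System.out.println(ctx.getAttributes("", new String[] {"supportedLDAPVersion"}));
        } finally {
            if (tls != null) tls.close(); // shuts down the TLS layer first
            ctx.close();
        }
    }
}
```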