Yes I am doing that but I will need to rebuild.
I don’t recommend TLSv1 - this is already outphased and will lock out TLSv1.2.
I try TLS only as it includes all TLS protocols (depends on JDK).
SSL will not be supported by this (however as I said there are other parts of
the code where there is
I think you can just change the code to read as follows when it creates the
SSLContext:
SSLContext ctx = SSLContext.getInstance("TLSv1");
I don't know if TLS will downgrade to SSL if that's all that's available.
Karl
On Tue, Jan 14, 2020 at 6:02 PM Jörn Franke wrote:
> Yes it you do not
Yes it you do not change this setting as what I suspect happens here. See my
previous mail for details.
> Am 14.01.2020 um 23:51 schrieb Karl Wright :
>
>
> It looks looks TLS is actually enabled in the SSLSocketFactory framework
> based on how you create the SSLSocketContext. See:
>
>
I hope to test my assumption this week.
The reason is that if you look at line 404
https://github.com/apache/manifoldcf/blob/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/KeystoreManager.java
It creates an sslcontext witj ssl only Support but no
The design of ManifoldCF deliberately manages keystores on a connection by
connection basis, not globally. If you think the only way to implement TLS
is via global keystore I very much doubt it.
I am on the road until late tomorrow but somewhere along the line I can do
some research into why TLS
It looks looks TLS is actually enabled in the SSLSocketFactory framework
based on how you create the SSLSocketContext. See:
https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html
Karl
On Tue, Jan 14, 2020 at 5:48 PM Karl Wright wrote:
> The design of ManifoldCF deliberately
These are TLS only. So maybe you have other servers where tls and ssl are
possible and it downgrades to ssl.however, this is speculation and I need to
verify it. I have to rebuilt manifold for that. Probably I have to reinstall
everything as the keystorefactory is a dependency in the connector.
If you can recommend changes to support TLS, that would be great. The
basic infrastructure should still work; it is just a custom keystone and
associated SSLSocketFactory, which I think also is used for TLS
connections, unless I am missing something.
On Tue, Jan 14, 2020, 9:38 AM Jörn Franke
Yes this works fine. I believe the error comes from the fact that TLS
connections are not supported.
> Am 14.01.2020 um 15:31 schrieb Michael Cizmar :
>
>
> If you want to test the url and the ssl, I would recommend attempting using
> SSLPoke to confirm that they keystore is setup properly:
If you want to test the url and the ssl, I would recommend attempting using
SSLPoke to confirm that they keystore is setup properly:
https://github.com/MichalHecko/SSLPoke
Michael
From: Karl Wright
Reply-To: "user@manifoldcf.apache.org"
Date: Tuesday, January 14, 2020 at 7:21 AM
To:
I know that the CAs are correct as they work with other Java tools.
> Am 14.01.2020 um 14:21 schrieb Karl Wright :
>
>
> Hmm, others have succeeded setting up SSL connections with the current code.
> Hoping they chime in here.
>
> Karl
>
>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote:
Hmm, others have succeeded setting up SSL connections with the current
code. Hoping they chime in here.
Karl
On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote:
> It seems that it has indeed a certificate issue as it cannot find a valid
> certification path to the target. The thing is: I added
It seems that it has indeed a certificate issue as it cannot find a valid
certification path to the target. The thing is: I added those certificates in
the UI should it should not happen.
> Am 10.01.2020 um 20:51 schrieb Jörn Franke :
>
>
> 2.15 ...
> I will try on the weekend to see if I
Hi All,
Do we support LDAPV3 with/out SSL support?
Kind Regards,
Furkan KAMACI
14 matches
Mail list logo
