Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "JNDI_startTLs_HowTo" page has been changed by KonstantinKolinko:
https://wiki.apache.org/tomcat/JNDI_startTLs_HowTo?action=diff&rev1=4&rev2=5

Comment:
Add link to BZ 49785. Note that this feature is available from Tomcat proper.

+   '''Note:''' Nowadays StartTLS support is implemented in JDNIRealm of Tomcat 
— starting with Tomcat 7.0.60, 8.0.21 
([[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785|BZ 49785]]).
+ 
+   This old page describes an alternative solution and is kept as a historic 
reference. Note that BZ 49785 has a 
[[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785#c1|link]] to this page.
+ 
+ == JNDI StartTLS HowTo ==
+ 
  In reference to: 
http://www.mail-archive.com/users@tomcat.apache.org/msg80660.html this Howto 
describes the configuration of a JNDI Realm connecting to an LDAP directory 
using StartTLS for connection establishment.
  
  StartTLS is the method of negotiating a TLS connection. For LDAP it was first 
time in RFC 2830, then refined in RFC 4513.
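Review bot: The added note at the top of this hunk spells the realm as "JDNIRealm"; the class is JNDIRealm, so the line should read "StartTLS support is implemented in JNDIRealm of Tomcat". Since this note is what redirects readers from the historic workaround to the built-in support in 7.0.60 and 8.0.21, the misspelling makes the feature harder to find by search. The unchanged context sentence "For LDAP it was first time in RFC 2830" is also missing a word and could be fixed in the same edit.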
@@ -22, +28 @@

  The code probably needs auditing. More testing. And definitely more 
tightening: e.g.: When starting the negotiation the client (Tomcat + 
`LdapTlsContextFactory`) sends an `SSLv2Hello`, which is anything but 
desirable. This could be due to Sun’s poor defaults in their SSL 
implementation, an oversight in the code, or because I’ve missed out a JVM 
startup options.
  
  ----
- [[CategoryFAQ|CategoryFAQ]]
+ [[CategoryFAQ]]
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
