On 14 April 2015 02:27:30 CEST, Apache Wiki <wikidi...@apache.org> wrote:
>Dear Wiki user,
>
>You have subscribed to a wiki page or wiki category on "Tomcat Wiki"
>for change notification.
>
>The "JNDI_startTLs_HowTo" page has been changed by KonstantinKolinko:
>https://wiki.apache.org/tomcat/JNDI_startTLs_HowTo?action=diff&rev1=4&rev2=5
>
>Comment:
>Add link to BZ 49785. Note that this feature is available from Tomcat
>proper.
>
>+ '''Note:''' Nowadays StartTLS support is implemented in JDNIRealm >of Tomcat — starting with Tomcat 7.0.60, 8.0.21 >([[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785|BZ 49785]]). >+ >+ This old page describes an alternative solution and is kept as a >historic reference. Note that BZ 49785 has a >[[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785#c1|link]] to >this page.

Thanks for updating the page.

Felix

>+ >+ == JNDI StartTLS HowTo == >+ >In reference to: >http://www.mail-archive.com/users@tomcat.apache.org/msg80660.html this >Howto describes the configuration of a JNDI Realm connecting to an LDAP >directory using StartTLS for connection establishment. > >StartTLS is the method of negotiating a TLS connection. For LDAP it was >first time in RFC 2830, then refined in RFC 4513. >@@ -22, +28 @@ > >The code probably needs auditing. More testing. And definitely more >tightening: e.g.: When starting the negotiation the client (Tomcat + >`LdapTlsContextFactory`) sends an `SSLv2Hello`, which is anything but >desirable. This could be due to Sun’s poor defaults in their SSL >implementation, an oversight in the code, or because I’ve missed out a >JVM startup options. > > ---- >- [[CategoryFAQ|CategoryFAQ]] >+ [[CategoryFAQ]] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >For additional commands, e-mail: dev-h...@tomcat.apache.org
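
Review bot: The realm name in the added '''Note:''' line is misspelled as "JDNIRealm"; it should read "JNDIRealm", in line with the "JNDI Realm" wording in the page's own introduction. Because the note points readers at the built-in StartTLS support in Tomcat 7.0.60 and 8.0.21 and marks this page as a historic reference, the name should be spelled so that a reader can search the Tomcat documentation for it.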