Im working on an java LDAP-Client and I'm still missing some information or knowledge on how to do this properly.
My Code looks like this:
LdapContext ctx = null;
Hashtable<String, String> env = new Hashtable <String, String>();
try{
env.clear();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "url");
env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("java.naming.security.ssl.ciphers", "SSL_RSA_EXPORT_WITH_RC4_40_MD5");
ctx = new InitialLdapContext(env, null);
} catch(NamingException nex) {
// error handling
}
The following things happen at the moment:
- When debugging the ssl connection I see that a TLSv1 Connection is getting established between my LDAP-Server and my programm.
- I see the following for my client & server upon ssl handshake:
*** ClientHello, TLSv1.2and*** ServerHello, TLSv1
The things I'm missing right now:
- I added a cipher to be included but I dont see it in the list of supported ciphers offered in my client's hello message
- I did't specify that my client offers TLS1.2 in his hello message, where does that setting come from?
- I would like to be able to determine myself if I want to use TLS or SSL and which version of either TLS or SSL is going to be used, how can I achieve that? (So I can for example only allow TLS 1.1 & 1.2)
Best Answer
Scan you server first before wasting your time for stuff likely not work at all. use: https://github.com/rbsec/sslscan
It might be possible that your server support TLS 1.0 only.