You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by David Boreham <da...@bozemanpass.com> on 2005/05/03 00:12:38 UTC

Has anyone made SSL work ?

Trying to use LDAP over SSL here with clients other than
Java-based (e.g. using Mozilla NSS SSL library).

It seems that the set of ciphers offered by the Apache DS
and the set offered by NSS are non-overlapping.

I'm not up to speed on Java SSL, but some google searching
seems to indicate that there is a common problem with
Java and the 'enabled' cipher suites vs. the 'supported' suites:
the default set of 'enabled' ciphers does not work with
all clients.

Is it possible that the SSLFilter in maven needs to enable
the supported suites to achieve interop with a wide range
of SSL clients ?

Anyone had success interoperating with SSL between Apache DS
and other clients ?

Thanks.

Re: Has anyone made SSL work ?

Posted by David Boreham <da...@bozemanpass.com>.

>
>We didn't incorporate SSL support to ApacheDS yet.  This issue is
>registered to JIRA, and therefore will be fixed soon.  :)
>  
>
Hmm, so it's known to not work even in the current SVN code ?

I guess we were working on fixing it here, but it'd be nice to know
if the problems we're seeing are due to lack of code or configuration 
error ;)

Should we just go ahead to fix whatever problems we find on the basis
that we're already ahead of everyone else in the ssl-working-ness race ?

Re: Has anyone made SSL work ?

Posted by Trustin Lee <tr...@gmail.com>.

Hi,

2005/5/3, David Boreham <da...@bozemanpass.com>:
> Trying to use LDAP over SSL here with clients other than
> Java-based (e.g. using Mozilla NSS SSL library).
> 
> It seems that the set of ciphers offered by the Apache DS
> and the set offered by NSS are non-overlapping.

We didn't incorporate SSL support to ApacheDS yet.  This issue is
registered to JIRA, and therefore will be fixed soon.  :)

> I'm not up to speed on Java SSL, but some google searching
> seems to indicate that there is a common problem with
> Java and the 'enabled' cipher suites vs. the 'supported' suites:
> the default set of 'enabled' ciphers does not work with
> all clients.
> 
> Is it possible that the SSLFilter in maven needs to enable
> the supported suites to achieve interop with a wide range
> of SSL clients ?
> 
> Anyone had success interoperating with SSL between Apache DS
> and other clients ?
> 
> Thanks.

Thanks,
Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/