[jira] [Commented] (DIRSERVER-2024) Add some configuration for the list of supported TLS protocol

["Emmanuel Lecharny (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/DIRSERVER-2024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14222323#comment-14222323 ] 

Emmanuel Lecharny commented on DIRSERVER-2024:
----------------------------------------------

There are a few parameters that can be passed to MINA :
- the list of enabled Ciphers
- the list of enabled protocols
- the client auth flag, either 'need' or 'want'

We need four MAY attributes ({{ads-enabledProtocol}}, {{ads-enabledCipher}}, {{ads-wantClientAuth}}, {{ads-needClientAuth}})
, and we have to augment the {{ads-transport}} objectClass :

{code}
version: 1
dn: m-oid=1.3.6.1.4.1.18060.0.4.1.3.18,ou=objectClasses,cn=adsconfig,ou=schema
m-oid: 1.3.6.1.4.1.18060.0.4.1.3.18
m-name: ads-transport
m-description: A transport (TCP or UDP)
objectclass: top
objectclass: metaTop
objectclass: metaObjectClass
m-supobjectclass: ads-base
m-typeobjectclass: ABSTRACT
m-must: ads-transportId
m-must: ads-systemPort
m-must: ads-transportAddress
m-may: ads-transportBacklog
m-may: ads-transportEnableSSL
m-may: ads-transportNbThreads
m-may: ads-enabledProtocol
m-may: ads-enabledCipher
m-may: ads-wantClientAuth
m-may: ads-needClientAuth
creatorsname: uid=admin,ou=system
{code}

> Add some configuration for the list of supported TLS protocol
> -------------------------------------------------------------
>
>                 Key: DIRSERVER-2024
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2024
>             Project: Directory ApacheDS
>          Issue Type: Task
>    Affects Versions: 2.0.0-M19
>            Reporter: Emmanuel Lecharny
>             Fix For: 2.0.0-M20
>
>
> We should add some element in the configuration to propagate the list of supported security parameters in the SslEngine



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)