Posted to dev@tomcat.apache.org by Apache Wiki <wi...@apache.org> on 2015/04/14 02:27:30 UTC

[Tomcat Wiki] Update of "JNDI_startTLs_HowTo" by KonstantinKolinko

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "JNDI_startTLs_HowTo" page has been changed by KonstantinKolinko:
https://wiki.apache.org/tomcat/JNDI_startTLs_HowTo?action=diff&rev1=4&rev2=5

Comment:
Add link to BZ 49785. Note that this feature is available from Tomcat proper.

+   '''Note:''' Nowadays StartTLS support is implemented in JDNIRealm of Tomcat &mdash; starting with Tomcat 7.0.60, 8.0.21 ([[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785|BZ 49785]]).
+ 
+   This old page describes an alternative solution and is kept as a historic reference. Note that BZ 49785 has a [[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785#c1|link]] to this page.
+ 
+ == JNDI StartTLS HowTo ==
+ 
  In reference to: http://www.mail-archive.com/users@tomcat.apache.org/msg80660.html this Howto describes the configuration of a JNDI Realm connecting to an LDAP directory using StartTLS for connection establishment.
  
  StartTLS is the method of negotiating a TLS connection. For LDAP it was first time in RFC 2830, then refined in RFC 4513.
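
Review bot: the new note on the first added line spells the realm as "JDNIRealm"; it should read "JNDIRealm", matching "JNDI" in the page title and "JNDI Realm" in the unchanged intro line below. The unchanged sentence "For LDAP it was first time in RFC 2830" is also missing a verb (for example "first specified") and could be fixed in the same revision.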
@@ -22, +28 @@

  The code probably needs auditing. More testing. And definitely more tightening: e.g.: When starting the negotiation the client (Tomcat + `LdapTlsContextFactory`) sends an `SSLv2Hello`, which is anything but desirable. This could be due to Sun’s poor defaults in their SSL implementation, an oversight in the code, or because I’ve missed out a JVM startup options.
  
  ----
- [[CategoryFAQ|CategoryFAQ]]
+ [[CategoryFAQ]]
  
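
Review bot: the unchanged paragraph just above the category link still leaves the cause of the `SSLv2Hello` open ("Sun's poor defaults ..., an oversight in the code, or ... a JVM startup options"), which sits awkwardly now that this revision marks the page as a historic reference. Consider having the new top note point readers at that caveat so the old `LdapTlsContextFactory` approach is not copied without the audit the page itself asks for, and fix "a JVM startup options" to "a JVM startup option". The `[[CategoryFAQ]]` simplification itself is fine.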

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: [Tomcat Wiki] Update of "JNDI_startTLs_HowTo" by KonstantinKolinko

Posted by Felix Schumacher <fe...@internetallee.de>.

On 14 April 2015 02:27:30 CEST, Apache Wiki <wi...@apache.org> wrote:
>Dear Wiki user,
>
>You have subscribed to a wiki page or wiki category on "Tomcat Wiki"
>for change notification.
>
>The "JNDI_startTLs_HowTo" page has been changed by KonstantinKolinko:
>https://wiki.apache.org/tomcat/JNDI_startTLs_HowTo?action=diff&rev1=4&rev2=5
>
>Comment:
>Add link to BZ 49785. Note that this feature is available from Tomcat
>proper.
>
>+   '''Note:''' Nowadays StartTLS support is implemented in JDNIRealm
>of Tomcat &mdash; starting with Tomcat 7.0.60, 8.0.21
>([[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785|BZ 49785]]).
>+ 
>+   This old page describes an alternative solution and is kept as a
>historic reference. Note that BZ 49785 has a
>[[https://bz.apache.org/bugzilla/show_bug.cgi?id=49785#c1|link]] to
>this page.

Thanks for updating the page. 

Felix

>+ 
>+ == JNDI StartTLS HowTo ==
>+ 
>In reference to:
>http://www.mail-archive.com/users@tomcat.apache.org/msg80660.html this
>Howto describes the configuration of a JNDI Realm connecting to an LDAP
>directory using StartTLS for connection establishment.
>  
>StartTLS is the method of negotiating a TLS connection. For LDAP it was
>first time in RFC 2830, then refined in RFC 4513.
>@@ -22, +28 @@
>
>The code probably needs auditing. More testing. And definitely more
>tightening: e.g.: When starting the negotiation the client (Tomcat +
>`LdapTlsContextFactory`) sends an `SSLv2Hello`, which is anything but
>desirable. This could be due to Sun’s poor defaults in their SSL
>implementation, an oversight in the code, or because I’ve missed out a
>JVM startup options.
>  
>  ----
>- [[CategoryFAQ|CategoryFAQ]]
>+ [[CategoryFAQ]]
>  
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: dev-help@tomcat.apache.org

