You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by el...@apache.org on 2018/03/31 09:19:10 UTC

[directory-server] branch master updated: Don't initiate the handshake on the server side

This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git


The following commit(s) were added to refs/heads/master by this push:
     new b89589c  Don't initiate the handshake on the server side
b89589c is described below

commit b89589c8b349d0e3d824d23ccaf17cffdc256db4
Author: Emmanuel Lécharny <el...@symas.com>
AuthorDate: Sat Mar 31 11:19:02 2018 +0200

    Don't initiate the handshake on the server side
---
 .../directory/server/ldap/handlers/extended/StartTlsHandler.java   | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
index b8484c0..acab795 100644
--- a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
+++ b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
@@ -101,7 +101,7 @@ public class StartTlsHandler implements ExtendedOperationHandler<ExtendedRequest
 
         if ( sslFilter == null )
         {
-            sslFilter = new SslFilter( sslContext );
+            sslFilter = new SslFilter( sslContext, false );
 
             // Set the cipher suite
             if ( ( cipherSuite != null ) && !cipherSuite.isEmpty() )
@@ -116,9 +116,8 @@ public class StartTlsHandler implements ExtendedOperationHandler<ExtendedRequest
             }
             else
             {
-                // Default to a lost without SSLV3
-                sslFilter.setEnabledProtocols( new String[]
-                    { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+                // default to TLS only
+                sslFilter.setEnabledProtocols( new String[]{ "TLSv1", "TLSv1.1", "TLSv1.2" } );
             }
 
             // Set the remaining SSL flags

-- 
To stop receiving notification emails like this one, please contact
elecharny@apache.org.