Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8259707

LDAP channel binding does not work with StartTLS extension

    XMLWordPrintable

Details

    Backports

      Description

        The fix for https://bugs.openjdk.java.net/browse/JDK-8245527 enables LDAP channel binding support for GSS/Kerberos authentication over LDAPS.

        However this does not work if the LDAP StartTLS extension is used. Code may connect to Active Directory anonymously to read the rootDSE and then switch to TLS before authenticating.

        The server certificate used available in the SSLSession returned from StartTlsResponse.negotiate() can be used to determine the channel binding data.

        Attachments

          Issue Links

            Activity

              People

                abakhtin Alexey Bakhtin
                revans Richard Evans
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: