LdapCtxt: 2568 /**
2569 * Sets the read timeout value 2570 */ 2571 private void setChannelBindingType(String cbTypeProp) { Not sure if that javadoc is the right one? And I also wonder if enforcing the timeout is needed, and if yes if it should be documented why. Was not obvious to me, what about having two type names (TlsChannelBindingType.TLS_SERVER_END_POINT and TlsChannelBindingType.TLS_SERVER_END_POINT_COMPAT?) This could be configured as a SASL property and it would add the benefit that you don't need the instance specific if in the gssstub native code if you instead have two different types values? Gruss Bernd ________________________________ Von: security-dev <security-dev-boun...@openjdk.java.net> im Auftrag von Alexey Bakhtin <ale...@azul.com> Gesendet: Mittwoch, Mai 27, 2020 11:43 AM An: Valerie Peng Cc: security-...@openjdk.java.net; core-libs-dev@openjdk.java.net; Thomas Maslen Betreff: Re: RFR: 8245527: LDAP Cnannel Binding support for Java GSS/Kerberos Hello Valerie, Unfortunately, Windows LDAP server with LdapEnforceChannelBinding=2 does not accept GSS_C_AF_NULLADDR address type. This is exact reason of these changes. I ve tried to fix inconsistency of address type value in the latest webrev: http://cr.openjdk.java.net/~abakhtin/8245527/webrev.v2/