Oops, should have posted this to the API list. Please disregard this one and I’ll repost over there.
— Shawn

> On Jul 3, 2021, at 12:15 PM, Shawn McKinney <[email protected]> wrote:
>
> Hello,
>
> A problem with Fortress using LDAPS in the API. It was brought on by this
> commit:
>
> https://github.com/apache/directory-ldap-api/commit/4322886f8ed9fe0d2c588f0c557e92e4d160149f
>
>
> ```
> public class LdapNetworkConnection
> …
>
> // Default to TLS sslFilter.setEnabledProtocols( new String[]
> - { "TLSv1", "TLSv1.1", "TLSv1.2" } );
> + { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" } );
> ```
>
> That is, when TLSv1.3 was added as a default enabled protocol in the API,
> Fortress started having LDAPS connection problems.
>
> Specifically, connections hang during bind ops, as they’re retrieved from the
> pool.
>
> Looking at the server log, the bind was successful, but the API's async
> handler (ignores?) times out.
>
> When I add this to the Fortress connection pool initialization:
>
> ```
> config.setEnabledProtocols( new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" } );
> ```
>
> Everything then works again as it should. In other words, when bypassing
> TLSv1.3 on the client side, it works again.
>
> Not sure what’s going on, or if my workaround is the best way to handle this
> situation.
>
> Any ideas on what I'm doing wrong?
>
> Thanks,
>
> —
> Shawn
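
Review bot: On the `+` line, the hardcoded default list now offers "TLSv1.3" while still enabling "TLSv1" and "TLSv1.1", and nothing in the hunk documents the changed default; the "// Default to TLS" comment is left as it was. Because this is the default protocol set, suggest naming the enabled versions in that comment or the Javadoc and noting that callers can override them with setEnabledProtocols, as the workaround in this message does. Separately, TLS 1.0 and 1.1 are deprecated by RFC 8996, so consider dropping "TLSv1" and "TLSv1.1" from the default list in the same change rather than only appending to it.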
