Hi Jan,

Bottom line, we had a big change in the way we deal with TLS in MINA 2.2.4, which breaks.

At this point, I have very little time to analyse the issue we have, but enough said that rolling back to MINA 2.2.3 is problematic because it does not support TLS 1.3 properly.

Here, our options are limited:

- either we find some time to fix the MINA 2.2.4 issue (which probably means a complete rewrite of the SSLFilter/SSLHandler parts)

- or we add a Netty layer

At this point, I think the second option is probably the right thing to do: first it's going to work, second we will let the API user choose their network implementation.


Adding a Netty layer comes with some costs: the logic is pretty different, especially when it comes to encoder/decoder, but it's likely to be the fastest path.


Thanks for your interest, feel free to contact me if you need more information.

On 06/06/2025 12:20, Zelmer, Jan wrote:
Dear Sir and Madams,

I was wondering what the big issue with TLS in 2.2.4 is and if I could help.

Some context: we are using the LDAP client API for some of our projects and 
Sonar found a serious CVE in the current MINA library.

Would you mind forwarding me the email thread discussing this or any other 
information, so I can have a look myself?
(I operated a certificate authority for 5 years and maintained associated Java 
applications, including debugging mutual SSL connections)

Kind Regards,
Jan Zelmer

Commerzbank AG

DLZ2, Mainzer Landstrasse 153, 60327 Frankfurt am Main
Phone   +49 69 136 270 03
Mobile   +49 160 145 245 0


