Shouldn’t Directory be able to configure and add the SSLFilter on demand? It will set up and attempt to start the moment it’s added on the server filter chain.

On Mon, Jan 17, 2022 at 11:10 AM Emmanuel Lécharny <elecha...@gmail.com> wrote:

> On 17/01/2022 16:48, Jonathan Valliere wrote:
> > I think that piece of code is trying to move the concern of configuring
> > the SSL into a place which doesn’t have enough information about the
> > state. The Ciphers can be set when the Filter is created. If a special
> > workflow is needed, you can always extend SSLFilter now which has
> > convenient override handlers.
>
> Well, I don't think it's necessary in this case.
>
> What we need in LDAP Server is the possibility, on demand, to establish
> a crypted session. That means the previous communication was in clear,
> and we ask the server to be ready to handle a HS.
>
> That is as simple.
>
> Note that in Apache Directory server we have the possibility to define
> the ciphers per configuration, and this is taken into account in the
> first part of the 'if'.
>
> I question the second part as it seems to violate the (LDAP StartTLS) RFC.
>
> So bottom line, it's not a MINA issue, but rather a Directory one.
>
> --
> Emmanuel Lécharny