DIRAPI-375: Enable TLSv1.3 by default and expose SSLSession to allow …
…clients to retrieve the used protocol, cipher, and certificates
seelmann committed Jun 20, 2021
1 parent bf32f0e commit 4322886f8ed9fe0d2c588f0c557e92e4d160149f
Showing 1 changed file with 23 additions and 1 deletion.
@@ -48,6 +48,7 @@
import java.util.concurrent.locks.ReentrantLock;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
@@ -4942,7 +4943,7 @@ private void addSslFilter() throws LdapException
{
// Default to TLS
sslFilter.setEnabledProtocols( new String[]
{ "TLSv1", "TLSv1.1", "TLSv1.2" } );
{ "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" } );
}

// for LDAPS/TLS
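Review bot: The default protocol list in `addSslFilter()` still offers `"TLSv1"` and `"TLSv1.1"` alongside the new `"TLSv1.3"`, so a client that configures nothing can still negotiate down to protocol versions deprecated by RFC 8996. Since this line is being changed anyway, consider making the default `{ "TLSv1.2", "TLSv1.3" } );` and leaving the older versions to callers who set them explicitly. The enclosing condition starts outside the hunk, so it is only presumed that this is the branch taken when no protocols are configured. It is also worth confirming what happens on runtimes whose JSSE provider does not recognise `"TLSv1.3"` (older Java 8 builds), where an unsupported protocol name may be rejected when the engine is set up.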
@@ -5379,4 +5380,25 @@ public void event( IoSession session, FilterEvent event ) throws Exception
handshakeFuture.secured();
}
}


/**
* Gets the {@link SSLSession} associated with the connection.
*
* @return the {@link SSLSession} associated with the connection or null if the connection is not secured
*/
public SSLSession getSslSession()
{
if ( isSecured() )
{
SslFilter filter = ( SslFilter ) ioSession.getFilterChain().get( SSL_FILTER_KEY );
SSLSession sslSession = filter.getSslSession( ioSession );
return sslSession;
}
else
{
return null;
}
}

}
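Review bot: In `getSslSession()` the result of `ioSession.getFilterChain().get( SSL_FILTER_KEY )` is cast and dereferenced without a null check, so if the chain has no such entry the method throws a NullPointerException instead of returning null as its Javadoc promises. `isSecured()` is not visible in this hunk, so whether that can happen (for example when the session closes between the two calls) is inferred; a guard such as `if ( filter == null ) { return null; }` would keep the contract either way. The Javadoc could also say that callers checking the negotiated protocol, cipher suite or peer certificates should do so only after the TLS handshake has completed, and that the returned session reflects the state at the time of the call. The local `sslSession` is redundant; `return filter.getSslSession( ioSession );` reads more directly.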
