IDP 2.4.3 LDAP Connection over TLS 1.2


IDP 2.4.3 LDAP Connection over TLS 1.2

Brian Southern
Our IdP 2.4.3 is currently configured to connect to Active Directory for the LDAP authentication, however we recently found that it only appears to use TLS 1.0 for this connection. We'd like to upgrade this to only use TLS 1.2. Both the IdP and AD servers are running on Windows Server, and with the registry on both systems set to only permit TLS 1.2 we still see (via network packet captures) that the IdP connection only attempts to use TLS 1.0.

Can someone please help describe how to configure the IdP to use TLS 1.2 for the LDAP connection, or point me to the documentation that describes what TLS versions are supported with this older version of IdP?

Thank you.

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

Re: IDP 2.4.3 LDAP Connection over TLS 1.2

Morgan, Andrew Jason
IDP v2.4.3 is really old!  Perhaps your version of Java is also really old and doesn't support TLS v1.2 by default?

My Google search for "java supported tls versions" shows that Java 6 and Java 7 will not use TLS v1.2 by default unless you add some parameters to Java's command-line arguments.

You should be upgrading to IDP v3, too...

Thanks,
Andy Morgan
Identity & Access Management
Oregon State University


From: users <[hidden email]> on behalf of Brian Southern <[hidden email]>
Sent: Monday, November 25, 2019 11:30 AM
To: [hidden email] <[hidden email]>
Subject: IDP 2.4.3 LDAP Connection over TLS 1.2
 
Our IdP 2.4.3 is currently configured to connect to Active Directory for the LDAP authentication, however we recently found that it only appears to use TLS 1.0 for this connection. We'd like to upgrade this to only use TLS 1.2. Both the IdP and AD servers are running on Windows Server, and with the registry on both systems set to only permit TLS 1.2 we still see (via network packet captures) that the IdP connection only attempts to use TLS 1.0.

Can someone please help describe how to configure the IdP to use TLS 1.2 for the LDAP connection, or point me to the documentation that describes what TLS versions are supported with this older version of IdP?

Thank you.


Re: IDP 2.4.3 LDAP Connection over TLS 1.2

Etienne Dysli Metref
On 25/11/2019 21.19, Morgan, Andrew Jason wrote:
> My Google search for "java supported tls versions" shows that Java 6 and
> Java 7 will not use TLS v1.2 by default unless you add some parameters
> to Java's command-line arguments.

See https://java.com/en/configure_crypto.html#enableTLSv1_2 for the JVM
option, but it only works for JDK 7u95 and JDK 6u121 (and later) which
means you must be a paying Oracle customer to get these versions...

  Etienne
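
A quick way to confirm what the replies above describe, as an added example that is not part of the original thread: this small Java program reports which TLS versions the JVM implements and which it enables by default for outbound (client) connections. It assumes the IdP's LDAP connection uses the JVM's default JSSE settings; `jdk.tls.client.protocols` is the JSSE system property for the default client protocols, and the class name is made up for this example.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic (not from the thread). It avoids syntax newer than Java 6
// so that it compiles on the old JVMs discussed here.
public class TlsClientDefaults {
    static final String WANTED = "TLSv1.2";

    static boolean contains(String[] protocols, String name) {
        return Arrays.asList(protocols).contains(name);
    }

    // 0 = enabled by default, 1 = implemented but not enabled, 2 = not implemented
    static int classify(String[] supported, String[] enabled) {
        if (contains(enabled, WANTED)) return 0;
        return contains(supported, WANTED) ? 1 : 2;
    }

    public static void main(String[] args) throws Exception {
        // Unconnected client socket from the JVM-wide default context:
        // nothing is sent on the network, only the defaults are read.
        SSLSocket s = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket();
        String[] supported = s.getSupportedProtocols();
        String[] enabled = s.getEnabledProtocols();
        s.close();

        System.out.println("java.version             = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.client.protocols = " + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("implemented protocols    = " + Arrays.toString(supported));
        System.out.println("enabled for clients      = " + Arrays.toString(enabled));

        int result = classify(supported, enabled);
        if (result == 0) {
            System.out.println(WANTED + " is offered by default on outbound connections.");
        } else if (result == 1) {
            System.out.println(WANTED + " is implemented but not enabled for clients on this JVM.");
        } else {
            System.out.println(WANTED + " is not implemented by this JVM's TLS provider.");
        }
        System.exit(result); // exit code is usable from a script
    }
}
```

Run it with the same `java` binary and the same command-line options as the JVM that hosts the IdP, otherwise the reported defaults may not match what the IdP actually gets.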

