JDK-8259707 : LDAP channel binding does not work with StartTLS extension
- Type: Bug
- Component: core-libs
- Sub-Component: javax.naming
- Priority: P4
- Status: Resolved
- Resolution: Fixed
- Submitted: 2021-01-13
- Updated: 2022-07-12
- Resolved: 2021-01-22
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 | JDK 15 | JDK 17 |
|---|---|---|---|
| 11.0.11Fixed | 13.0.7Fixed | 15.0.9Fixed | 17 b07Fixed  |
Related Reports
|
Relates :
|
Description
The fix for https://bugs.openjdk.java.net/browse/JDK-8245527 enables LDAP channel binding support for GSS/Kerberos authentication over LDAPS. However this does not work if the LDAP StartTLS extension is used. Code may connect to Active Directory anonymously to read the rootDSE and then switch to TLS before authenticating. The server certificate used available in the SSLSession returned from StartTlsResponse.negotiate() can be used to determine the channel binding data.
Comments
|