IDP 2.4.3 LDAP Connection over TLS 1.2
Morgan, Andrew Jason
morgan at oregonstate.edu
Mon Nov 25 15:19:55 EST 2019
IDP v2.4.3 is really old! Perhaps your version of Java is also really old and doesn't support TLS v1.2 by default?
My Google search for "java supported tls versions" shows that Java 6 and Java 7 will not use TLS v1.2 by default unless you add some parameters to Java's command-line arguments.
You should be upgrading to IDP v3, too...
Thanks,
Andy Morgan
Identity & Access Management
Oregon State University
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Brian Southern <briansouthern24 at gmail.com>
Sent: Monday, November 25, 2019 11:30 AM
To: users at shibboleth.net <users at shibboleth.net>
Subject: IDP 2.4.3 LDAP Connection over TLS 1.2
Our IdP 2.4.3 is currently configured to connect to Active Directory for the LDAP authentication, however we recently found that it only appears to use TLS 1.0 for this connection. We'd like to upgrade this to only use TLS 1.2. Both the IdP and AD servers are running on Windows Server, and with the registry on both systems set to only permit TLS 1.2 we still see (via network packet captures) that the IdP connection only attempts to use TLS 1.0.
Can someone please help describe how to configure the IdP to use TLS 1.2 for the LDAP connection, or point me to the documentation that describes what TLS versions are supported with this older version of IdP?
Thank you.
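
One way to check the point raised in the reply, that the JVM rather than the Windows registry decides which TLS versions a Java client offers (an added example, not part of the original thread and not Shibboleth code): run this with the same Java installation the IdP uses. The class name `TlsCheck` and the host and port arguments are placeholders, and it assumes the IdP's LDAP connection relies on the JVM's default TLS settings.

```java
import java.util.Arrays;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical class name). Written to compile on old JDKs.
// Usage: java TlsCheck [ldap-host ldaps-port]
public class TlsCheck {
    static final String WANTED = "TLSv1.2";

    // True if the protocol name appears in the given list of protocol names.
    static boolean has(String[] protocols, String name) {
        return Arrays.asList(protocols).contains(name);
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        // An unconnected client socket exposes the JVM's client-side defaults.
        SSLSocket probe = (SSLSocket) factory.createSocket();
        String[] enabled = probe.getEnabledProtocols();
        String[] supported = probe.getSupportedProtocols();
        probe.close();

        System.out.println("java.version      : " + System.getProperty("java.version"));
        System.out.println("enabled by default: " + Arrays.asList(enabled));
        System.out.println("supported         : " + Arrays.asList(supported));

        if (!has(supported, WANTED)) {
            System.out.println(WANTED + " is not implemented by this JVM; a newer Java is needed.");
            return;
        }
        if (!has(enabled, WANTED)) {
            System.out.println(WANTED + " is supported but not enabled by default for clients.");
        }
        if (args.length < 2) {
            return; // no server given: report the JVM defaults only
        }

        // Offer only TLS 1.2 so the handshake fails instead of settling on TLS 1.0.
        SSLSocket socket = (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]));
        try {
            socket.setEnabledProtocols(new String[] { WANTED });
            socket.startHandshake();
            System.out.println("negotiated        : " + socket.getSession().getProtocol());
        } finally {
            socket.close();
        }
    }
}
```

If the "enabled by default" line lacks TLSv1.2 while "supported" includes it, the packet capture showing only TLS 1.0 is explained by the JVM defaults; the handshake step also validates the server certificate against the JVM trust store, so a certificate error there is a separate issue from the protocol version.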