LDAP TLSv1.1 Openfire 4.0.3

Due to an internal security scan, we’ve been asked to update our internal LDAP servers to only support TLSv1.1 and greater.

Unfortunately, during testing I’ve noticed this breaks Openfire, as it binds to LDAP for authentication using TLS 1.0. We are using Java 8, which supports TLSv1.1 and up, but I cannot find a way to get Openfire to only use TLSv1.1 or greater.

Browsing the code I saw:

SSLContext.getInstance("TLS")

which I tried changing to:

SSLContext.getInstance("TLSv1.2")

and recompiling, but that didn’t do it - obviously I am missing a setting to flip this on. Anyone else have this issue or know what else needs to be changed?

I missed a “SSLContext.getInstance” in my original test; I have now recompiled and it works as expected. Can changing this setting be added to the admin console or, at worst, the configuration file?

Have filed this as https://issues.igniterealtime.org/browse/OF-1186
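
Added example, not part of the original posts and not Openfire code: a JNDI LDAP socket factory that enforces the TLSv1.1 floor on each socket. The Java documentation only says a "TLSv1.2" context supports that version and "may support other versions", so the floor is set with setEnabledProtocols. The class name MinTlsSocketFactory is hypothetical, and the JVM's default trust store is assumed.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class name; illustrative only, not taken from Openfire.
public class MinTlsSocketFactory extends SocketFactory {
    // Protocol floor requested in the thread: TLSv1.1 and greater (Java 8 names).
    private static final String[] ALLOWED = {"TLSv1.1", "TLSv1.2"};
    private final SSLSocketFactory delegate;

    private MinTlsSocketFactory() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // assumption: JVM default key and trust managers
        delegate = ctx.getSocketFactory();
    }

    // The JNDI LDAP provider calls this static method by reflection.
    public static SocketFactory getDefault() {
        try { return new MinTlsSocketFactory(); }
        catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    // Remove TLSv1.0 and older from what the socket will offer in its ClientHello.
    private static Socket restrict(Socket s) {
        ((SSLSocket) s).setEnabledProtocols(ALLOWED);
        return s;
    }

    @Override public Socket createSocket() throws IOException {
        return restrict(delegate.createSocket());
    }
    @Override public Socket createSocket(String h, int p) throws IOException {
        return restrict(delegate.createSocket(h, p));
    }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException {
        return restrict(delegate.createSocket(h, p, la, lp));
    }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException {
        return restrict(delegate.createSocket(a, p));
    }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException {
        return restrict(delegate.createSocket(a, p, la, lp));
    }
}
```

To use it with an ldaps:// connection, set the JNDI environment property "java.naming.ldap.factory.socket" to the fully qualified class name before creating the InitialDirContext.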