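```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

LdapContext ctx = null;
Hashtable<String, String> env = new Hashtable<String, String>();
try {
    env.clear();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "url");
    env.put(Context.SECURITY_PRINCIPAL, "user");
    env.put(Context.SECURITY_CREDENTIALS, "password");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    // Cipher suite requested through the property this question is about
    env.put("java.naming.security.ssl.ciphers", "SSL_RSA_EXPORT_WITH_RC4_40_MD5");
    // InitialLdapContext (not InitialDirContext) is what can be assigned to an LdapContext
    ctx = new InitialLdapContext(env, null);
} catch (NamingException nex) {
    // error handling
}
```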

I added a cipher to be included, but I don't see it in the list of supported ciphers offered in my client's hello message; it still sends the default cipher suites.

  • Where did you find `java.naming.security.ssl.ciphers`? I can't find any evidence that it even exists. – user207421 Mar 15 '17 at 03:20
  • I find it in this question: http://stackoverflow.com/questions/41489403/how-to-specify-ssl-tls-version-on-java-ldap-connection/42800339#42800339 – danny Mar 15 '17 at 03:27
  • but it doesn't work, do you have some solution? – danny Mar 15 '17 at 03:28
  • and it also occurs here: http://publib.boulder.ibm.com/tividd/td/IBMDS/guide322/en_US/HTML/Guide.html#Client Side Caching – danny Mar 15 '17 at 03:30
  • You can't cite another StackOverflow question as evidence. The IBM document is over ten years old and applies specifically to the 'IBM JNDI LDAP Provider'. Not Sun's or Oracle's. Clearly they don't support it. – user207421 Mar 15 '17 at 03:42
  • Yeah, you are totally right. You meant that on an LDAP connection one can't specify the TLS cipher suites, right? – danny Mar 15 '17 at 05:19
  • That's what it looks like. You would have to specify your own socket factory and set them that way. – user207421 Mar 15 '17 at 06:07
  • But on an LDAP connection, it uses the Context to set the parameters; it hasn't used the socket factory, so I don't know where to set them. – danny Mar 15 '17 at 06:14
  • Have you considered consulting the documentation? It clearly specifies how to set a socket factory. – user207421 Mar 15 '17 at 06:52
  • Thank you, EJP. After referring to the documentation, I can specify the cipher suites by setting a socket factory, but I met one new issue; could you give some advice? Thanks a lot. I will submit a question in another link: http://stackoverflow.com/questions/42848047/how-to-add-unsupported-cipher-suitesnot-included-in-the-default-cipher-suites – danny Mar 17 '17 at 02:14

0 Answers