This was noticed while working on OPENDJ-4441. The LDAP connection supports SSL client auth, which means that it sends the list of accepted CAs in its SSL handshake. We recently switched our default trust manager to the JVM trust manager, which contains 250 or so CAs. The result is that the handshake message has ballooned from a few bytes to over 16KB.
We should either:
- use a different trust manager by default
- not send the list of accepted CAs (it's optional)
- have an advanced option to control whether the CA list is sent or not
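
A sketch of the second option, added here as an illustration and not taken from the OpenDJ code base: a trust manager that still validates certificates against the JVM trust store but reports no accepted issuers, so JSSE has no CA names to put in the certificate request. The class name `QuietTrustManager` is hypothetical.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

// Hypothetical wrapper (the name is an assumption): validates peers against the
// delegate's trust anchors but advertises no accepted CA names.
public final class QuietTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager d;

    public QuietTrustManager(X509ExtendedTrustManager delegate) { this.d = delegate; }

    // JSSE builds the CA list of the certificate request from this method.
    @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    // All validation is delegated, so trust decisions are unchanged.
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { d.checkClientTrusted(c, a); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { d.checkServerTrusted(c, a); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { d.checkClientTrusted(c, a, s); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { d.checkServerTrusted(c, a, s); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { d.checkClientTrusted(c, a, e); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { d.checkServerTrusted(c, a, e); }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509ExtendedTrustManager) {
                X509ExtendedTrustManager jvm = (X509ExtendedTrustManager) tm;
                QuietTrustManager quiet = new QuietTrustManager(jvm);
                // This context is what a listener would use for its SSL engines.
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(null, new TrustManager[] { quiet }, null);
                System.out.println("JVM trust manager advertises " + jvm.getAcceptedIssuers().length + " CAs");
                System.out.println("Wrapper advertises " + quiet.getAcceptedIssuers().length + " CAs");
                return;
            }
        }
        throw new IllegalStateException("no X509ExtendedTrustManager available");
    }
}
```

Clients that choose which certificate to present by matching the advertised CA names lose that hint when the list is empty, which is a reason to keep the behaviour configurable.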