[OPENDJ-5620] Backport OPENDJ-5553: Rest2Ldap cannot connect to TLSv1.2 servers

Created: 25/Oct/18
Updated: 08/Nov/19
Resolved: 28/May/19

Status: Done
Project: OpenDJ
Component/s: core apis, security
Affects Version/s: 6.5.0, 5.5.1
Fix Version/s: 5.5.3

Type: Bug
Priority: Critical
Reporter: Chris Ridd
Assignee: Chris Ridd
Resolution: Fixed
Votes: 0
Labels: Verified

Issue Links:
is a backport of OPENDJ-5553 Rest2Ldap cannot connect to TLSv1.2 s... Done
Story Points: 1
QA Assignee: Ondrej Fuchsik


Rest2Ldap uses SslContextBuilder in order to configure the SslOptions for any outbound LDAP connections to backend LDAP servers. However, SslContextBuilder is hardwired to use the "TLSv1" driver, which causes clients to be constrained to only TLSv1.0 unless specific protocols are enabled using javax.net.ssl.SSLEngine#setEnabledProtocols():

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// kmf and tmf are an already initialised KeyManagerFactory and TrustManagerFactory.

// Select the TLSv1.2 driver. By default this will attempt to use TLSv1.2, then fall back to 1.1, and then fall back to 1.0.
SSLContext serverSslContext = SSLContext.getInstance("TLSv1.2");
serverSslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

// Constrain the SSL engine to only allow TLSv1.2 (no fall-back)
SSLEngine serverEngine = serverSslContext.createSSLEngine();
serverEngine.setEnabledProtocols(new String[] { "TLSv1.2" });

// Select the TLSv1.0 driver. By default this will be restricted to TLSv1.0. Clients will not be able to connect to the TLSv1.2-only server.
SSLContext clientSslContext = SSLContext.getInstance("TLSv1");
clientSslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

// It's possible to upgrade the client even though it's only using a TLSv1 driver. This client will be able to connect to the TLSv1.2-only server.
SSLEngine clientEngine = clientSslContext.createSSLEngine("client", 80);
clientEngine.setEnabledProtocols(new String[] { "TLSv1.2" });

The SslContextBuilder should use the "TLS" driver, which usually supports the full range of protocols enabled by the JVM (i.e. excluding black-listed protocols like SSLv3). Using "TLS" will allow clients such as Rest2Ldap to connect to any server as long as the server supports one of the protocols supported by the client. By default we should not touch the list of enabled protocols or ciphers. The user may choose to restrict the set of protocols or ciphers for additional security. Finally, we should never enable the full set of ciphers returned by SSLContext#getSupportedSSLParameters(), since this includes ciphers that are not recommended for general use. In particular, enabling a cipher such as "TLS_DH_anon_WITH_AES_256_GCM_SHA384" on the client side will make the client vulnerable to a man-in-the-middle attack, since authentication is disabled.
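The recommendation above can be checked against a given JVM with the following added example, which is not OpenDJ or Rest2Ldap code. It assumes Java 8 or later; the class name TlsClientDefaults, its helper methods and the peer name ldap.example.com are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added illustration (hypothetical class): inspects what the "TLS" driver enables by default.
public class TlsClientDefaults {
    // Suites the JVM supports but leaves disabled by default. The list may be empty
    // if the JVM's security policy already removes such suites entirely.
    static List<String> supportedButNotDefault(SSLContext ctx) {
        Set<String> enabled = new LinkedHashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        List<String> extra = new ArrayList<>();
        for (String suite : ctx.getSupportedSSLParameters().getCipherSuites()) {
            if (!enabled.contains(suite)) extra.add(suite);
        }
        return extra;
    }

    // Narrow the enabled protocols to the user's choice; never widen beyond the JVM defaults.
    static void restrictProtocols(SSLEngine engine, List<String> wanted) {
        List<String> keep = new ArrayList<>(Arrays.asList(engine.getEnabledProtocols()));
        keep.retainAll(wanted);
        if (keep.isEmpty()) {
            throw new IllegalArgumentException("No requested protocol is enabled by this JVM: " + wanted);
        }
        engine.setEnabledProtocols(keep.toArray(new String[0]));
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // JVM default key and trust managers

        SSLEngine client = ctx.createSSLEngine("ldap.example.com", 636); // placeholder peer
        client.setUseClientMode(true); // defaults can differ between client and server mode
        System.out.println("Default protocols: " + Arrays.toString(client.getEnabledProtocols()));

        for (String suite : supportedButNotDefault(ctx)) {
            String why = suite.contains("_anon_") ? "no server authentication: " : "not enabled by default: ";
            System.out.println(why + suite);
        }

        restrictProtocols(client, Arrays.asList("TLSv1.2")); // optional user hardening
        System.out.println("After restriction: " + Arrays.toString(client.getEnabledProtocols()));
    }
}
```

Any suite printed by the loop is one that enabling the full getSupportedSSLParameters() list would switch on for the client.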

Comment by Ondrej Fuchsik [ 19/Jul/19 ]

Verified with 5.5.3-SNAPSHOT rev. 64de54d4ab8.
