[OpenIdentityPlatform#698] org.forgerock.openam.ldap.secure.protocol.…

…version TLSv1 -> TLS (OpenIdentityPlatform#701)
3A-Systems · Jan 15, 2024 · d68679e · d68679e
1 parent 11b277e
commit d68679e
Show file tree

Hide file tree

Showing 9 changed files with 9 additions and 9 deletions.
diff --git a/...ion/openam-auth-ldap/src/main/java/com/sun/identity/authentication/modules/ldap/LDAP.java b/...ion/openam-auth-ldap/src/main/java/com/sun/identity/authentication/modules/ldap/LDAP.java
@@ -210,7 +210,7 @@ public boolean initializeLDAP() throws AuthLoginException {
             useStartTLS = connectionMode.equalsIgnoreCase("StartTLS");
             isSecure = connectionMode.equalsIgnoreCase("LDAPS") || useStartTLS;
             protocolVersion = CollectionHelper.getMapAttr(
-                    currentConfig, "openam-auth-ldap-secure-protocol-version", "TLSv1");
+                    currentConfig, "openam-auth-ldap-secure-protocol-version", "TLS");
 
             getUserCreationAttrs(currentConfig);
             String tmp = CollectionHelper.getMapAttr(currentConfig,

diff --git a/openam-core/src/main/java/com/iplanet/services/ldap/DSConfigMgr.java b/openam-core/src/main/java/com/iplanet/services/ldap/DSConfigMgr.java
@@ -84,7 +84,7 @@ public class DSConfigMgr implements IDSConfigMgr {
 
     private int connRetryInterval = 1000;
     private HashSet retryErrorCodes = new HashSet();
-    private String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLSv1");
+    private String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLS");
 
     static Debug debugger = null;
 

diff --git a/openam-core/src/main/java/com/sun/identity/config/util/AjaxPage.java b/openam-core/src/main/java/com/sun/identity/config/util/AjaxPage.java
@@ -170,7 +170,7 @@ protected Connection getConnection(String host, int port, String bindDN, char[]
                 .set(AUTHN_BIND_REQUEST, LDAPRequests.newSimpleBindRequest(bindDN, bindPwd));
 
         if (isSSl) {
-            String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLSv1");
+            String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLS");
             ldapOptions = ldapOptions.set(SSL_CONTEXT,
                     new SSLContextBuilder().setProtocol(defaultProtocolVersion).getSSLContext());
         }

diff --git a/openam-core/src/main/java/com/sun/identity/idm/common/IdRepoUtils.java b/openam-core/src/main/java/com/sun/identity/idm/common/IdRepoUtils.java
@@ -334,7 +334,7 @@ private static ConnectionFactory getLDAPConnection(Map attrValues)
         String connectionMode = CollectionHelper.getMapAttr(attrValues, LDAP_CONNECTION_MODE);
         if (LDAP_CONNECTION_MODE_LDAPS.equalsIgnoreCase(connectionMode) ||
                 LDAP_CONNECTION_MODE_STARTTLS.equalsIgnoreCase(connectionMode)){
-            String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLSv1");
+            String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLS");
             options = options.set(SSL_CONTEXT,
                     new SSLContextBuilder().setProtocol(defaultProtocolVersion).getSSLContext());
           if (LDAP_CONNECTION_MODE_STARTTLS.equalsIgnoreCase(connectionMode)) {

diff --git a/openam-core/src/main/java/com/sun/identity/policy/plugins/LDAPConnectionPools.java b/openam-core/src/main/java/com/sun/identity/policy/plugins/LDAPConnectionPools.java
@@ -117,7 +117,7 @@ static void initConnectionPool(String host,
                         debug.message("Create LDAPConnectionPool: " + host);
                     }
                     if (ssl) {
-                        String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLSv1");
+                        String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLS");
                         options.set(LDAPConnectionFactory.SSL_CONTEXT,
                                 new SSLContextBuilder().setProtocol(defaultProtocolVersion).getSSLContext());
                     }

diff --git a/openam-core/src/main/java/com/sun/identity/setup/AMSetupDSConfig.java b/openam-core/src/main/java/com/sun/identity/setup/AMSetupDSConfig.java
@@ -295,7 +295,7 @@ private synchronized Connection getLDAPConnection(boolean ssl) {
                         .set(AUTHN_BIND_REQUEST, request);
 
                 if (ssl) {
-                    String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLSv1");
+                    String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLS");
                     options = options.set(SSL_CONTEXT,
                             new SSLContextBuilder().setProtocol(defaultProtocolVersion).getSSLContext());
                 }

diff --git a/openam-core/src/main/java/com/sun/identity/setup/UserIdRepo.java b/openam-core/src/main/java/com/sun/identity/setup/UserIdRepo.java
@@ -392,7 +392,7 @@ private Connection getLDAPConnection(Map userRepo) throws Exception {
                 .set(AUTHN_BIND_REQUEST, request);
 
         if (userSSLStore != null && userSSLStore.equals("SSL")) {
-            String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLSv1");
+            String defaultProtocolVersion = SystemProperties.get(Constants.LDAP_SERVER_TLS_VERSION, "TLS");
             options = options.set(SSL_CONTEXT,
                     new SSLContextBuilder().setProtocol(defaultProtocolVersion).getSSLContext());
         }

diff --git a/openam-datastore/src/main/java/org/forgerock/openam/idrepo/ldap/DJLDAPv3Repo.java b/openam-datastore/src/main/java/org/forgerock/openam/idrepo/ldap/DJLDAPv3Repo.java
@@ -236,7 +236,7 @@ public void initialize(Map<String, Set<String>> configParams) throws IdRepoExcep
         String connectionMode = CollectionHelper.getMapAttr(configParams, LDAP_CONNECTION_MODE);
         useStartTLS = LDAP_CONNECTION_MODE_STARTTLS.equalsIgnoreCase(connectionMode);
         isSecure = LDAP_CONNECTION_MODE_LDAPS.equalsIgnoreCase(connectionMode) || useStartTLS;
-        protocolVersion = CollectionHelper.getMapAttr(configParams, LDAP_SERVER_SECURE_PROTOCOL_VERSION, "TLSv1");
+        protocolVersion = CollectionHelper.getMapAttr(configParams, LDAP_SERVER_SECURE_PROTOCOL_VERSION, "TLS");
         bindConnectionFactory = createConnectionFactory(null, null, maxPoolSize);
         connectionFactory = createConnectionFactory(username, password, maxPoolSize);
 

diff --git a/openam-ldap-utils/src/main/java/org/forgerock/openam/ldap/LDAPUtils.java b/openam-ldap-utils/src/main/java/org/forgerock/openam/ldap/LDAPUtils.java
@@ -232,7 +232,7 @@ private static ConnectionFactory newConnectionFactory(LDAPURL ldapurl,
         int heartBeatTimeout =
                 SystemPropertiesManager.getAsInt(Constants.LDAP_HEARTBEAT_TIMEOUT, DEFAULT_HEARTBEAT_TIMEOUT);
         if (ssl != null && ssl.booleanValue()) {
-            String defaultProtocolVersion = SystemPropertiesManager.get(Constants.LDAP_SERVER_TLS_VERSION, "TLSv1");
+            String defaultProtocolVersion = SystemPropertiesManager.get(Constants.LDAP_SERVER_TLS_VERSION, "TLS");
             try {
                 //Creating a defensive copy of ldapOptions to handle the case when a mixture of SSL/non-SSL connections
                 //needs to be established.