Microsoft LDAP Channel Binding

Bernd Eckenfels ecki at zusammenkunft.net
Wed Dec 18 22:28:24 UTC 2019


Here is a related bug

https://bugs.openjdk.java.net/browse/JDK-8208301 for ADFS.

Gruss
Bernd
--
http://bernd.eckenfels.net

________________________________
Von: Bernd Eckenfels <ecki at zusammenkunft.net>
Gesendet: Mittwoch, Dezember 18, 2019 4:29 AM
An: security-dev at openjdk.java.net
Betreff: Microsoft LDAP Channel Binding

Hello,

Microsoft just released an Security Advisory, announcing that upcoming Windows Server Versions will turn on mandatory TLS Channel Binding (and turn off simple binds with mandatory SASL signing) on LDAP Servers.

They also reminded Administrators to install the KB patch and turn the hardened Settings on.

Do you have experiences with this, will Java (8) work with the setting of "mandatory is supported" (1) and/or "mandatory" (2) for this key, and if not what is the plan here?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry

Gruss
Bernd
--
http://bernd.eckenfels.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20191218/e3e59ede/attachment.htm>


More information about the security-dev mailing list