Channel binding when connecting in Java to LDAP server - is it possible? - java

Microsoft has a new patch for LDAP connections.
Servers with this patch will not accept connections without 'channel binding'.
My code connects today with 'InitialLdapContext'.
I prepare the env and create a new InitialLdapContext.
LDAP/LDAPS is working fine.
After this patch:
Will servers reject LDAPS connections?
Will I have to add channel binding handling?
I don't see that InitialLdapContext has channel binding handling.

Related

What port does the STOMP protocol use?

The Spring Boot app is hosted on the default port, server.port=8080, and when I connect to the server, the JS client's code calls the same port: new SockJS('http://localhost:8080/api/streams'); but which port is used after the connection is established for WebSocket?
I suppose data exchange for websocket\stomp works on a different port. But what is the number?
WebSocket uses the HTTP connection, so it can use that port 8080, or a more normal port 443 (secure) or port 80 (insecure) connection.
A WebSocket connection is established by making an HTTP connection, then asking to upgrade the connection to a WebSocket connection.
As Wikipedia says it:
WebSocket is distinct from HTTP. Both protocols are located at layer 7 in the OSI model and depend on TCP at layer 4. Although they are different, RFC 6455 states that WebSocket "is designed to work over HTTP ports 443 and 80 as well as to support HTTP proxies and intermediaries," thus making it compatible with HTTP. To achieve compatibility, the WebSocket handshake uses the HTTP Upgrade header to change from the HTTP protocol to the WebSocket protocol.
By default there are acceptor elements configured to accept STOMP connections on ports 61616 and 61613.
https://activemq.apache.org/components/artemis/documentation/latest/stomp.html
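The upgrade handshake described in the answer above, as an added example that is not part of the original posts: the client sends an HTTP request on the existing port, and accepts the switch only if the server's 101 response carries the RFC 6455 Sec-WebSocket-Accept value for its key. The host and path are taken from the question for illustration, the function names are hypothetical, and the sample response is constructed.

```javascript
const { createHash } = require("node:crypto");

// Fixed GUID defined by RFC 6455, section 1.3.
const WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";

// Sec-WebSocket-Accept = base64(SHA-1(key + GUID)).
function acceptFor(key) {
  return createHash("sha1").update(key + WS_GUID).digest("base64");
}

// Build the HTTP/1.1 upgrade request sent on the same port as normal HTTP(S).
function buildUpgradeRequest(host, path, key) {
  return [
    `GET ${path} HTTP/1.1`,
    `Host: ${host}`,
    "Upgrade: websocket",
    "Connection: Upgrade",
    `Sec-WebSocket-Key: ${key}`,
    "Sec-WebSocket-Version: 13",
    "", "",
  ].join("\r\n");
}

// Parse a raw response head and apply the client checks of RFC 6455, section 4.1.
function checkUpgradeResponse(raw, key) {
  const [statusLine, ...lines] = raw.split("\r\n\r\n")[0].split("\r\n");
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  if (!/^HTTP\/1\.1 101(\s|$)/.test(statusLine)) return "not switched: " + statusLine;
  if ((headers["upgrade"] || "").toLowerCase() !== "websocket") return "bad Upgrade header";
  const tokens = (headers["connection"] || "").toLowerCase().split(",").map((t) => t.trim());
  if (!tokens.includes("upgrade")) return "bad Connection header";
  if (headers["sec-websocket-accept"] !== acceptFor(key)) return "bad Sec-WebSocket-Accept";
  return "ok";
}

// Constructed sample: the nonce is the example key from RFC 6455.
const SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ==";
const SAMPLE_RESPONSE =
  "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n" +
  "Connection: Upgrade\r\nSec-WebSocket-Accept: " + acceptFor(SAMPLE_KEY) + "\r\n\r\n";

console.log(buildUpgradeRequest("localhost:8080", "/api/streams", SAMPLE_KEY));
console.log(checkUpgradeResponse(SAMPLE_RESPONSE, SAMPLE_KEY));
```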

Using Azure EventHub behind a proxy with authentication

UPDATE
There is some news on that, see here: https://blogs.msdn.microsoft.com/eventhubs/2018/09/21/azure-event-hubs-websockets-and-proxy-support/
====
Azure's EventProcessorHost can be used to register an EventProcessor against an EventHub:
    EventProcessorHost host = new EventProcessorHost(
        EventProcessorHost.createHostName(null),
        connectionStringBuilder.getEventHubName(),
        "$Default",
        connectionStringBuilder.toString(),  // instance method, same builder as above
        this.storageConnectionString,
        this.storageContainerName
    );
    host.registerEventProcessor(MyEventProcessor.class, options).get();
One can add a proxy beforehand:
OperationContext.setDefaultProxy(
new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy.url.com", 1234))
);
Question: How to provide an authentication (username/password) to this proxy?
TLDR: EventProcessorHost java library doesn't support proxy yet. This is a feature under construction.
Event Hubs Java Client SDK currently uses the AMQPS protocol over TCP (on socket 5671, the standard port assigned by IANA) to communicate with the Event Hubs Service. We just built support for WebSockets transport; here's the PR. Building a snapshot version on the dev branch and adding the parameter TransportType=AmqpWebSockets in the ConnectionString should enable the client to talk to the EventHubs service over port 443.
We are building support for proxy using basic auth - by end of September. Follow this for updates.

Socket IO - how to configure and connect to netty socket io server on a secure domain

I need some help with doing netty socket io over https. I have got it to work in my local env but not on a server with a secure domain. The server starts but the client isn't able to connect. Tried by starting the socket server with IP as well as domain name. For the server to start with the domain name as hostname value in the setHostname method, I added an entry in the /etc/hosts file as follows
127.0.0.1 localhost example.com
The socket server started by giving example.com as hostname, but the client isn't able to connect using the same hostname over https as follows
var socket = io.connect('https://example.com:10443')
Tried with options - { secure: true, reconnect: true, rejectUnauthorized : false } too but the same issue.
On the server side my configuration is as follows
Configuration configuration = new Configuration();
configuration.setHostname("example.com");
configuration.setPort(10443);
configuration.setKeyStorePassword("mypassword");
InputStream stream = getClass().getClassLoader().getResourceAsStream("keystore.jks");
configuration.setKeyStore(stream);
The jks file was created using the keytool command for the same domain (example.com)
Is there something more to be done for the port - 10443 to be used by the socket server? Or is there any other configuration to be done?
Got the solution! I had not mentioned that the domain was set up on cloudflare. Here the issue was with the port I used - 10443. It's not supported by cloudflare. Changed it to 8443 and it worked!
For those who come across this, please find here the list of supported ports that Cloudflare works with. It may save you much of your time, unlike me.
Also, please note that I used my public IP as hostname in setHostname() method so that I don't need anything added in my hosts file. Then gave the actual domain name with https on client side to connect to the server. That's it. Thank you all!
Sandeep

Local mail server for testing (SSL + NTLM) on windows

I'm working on a Java mail client (part of a web application running in Tomcat 8)
and the web application needs to be able to send (not receive) mails.
My web application can be configured in a few different ways and I cannot test them all at the moment.
I'm using the standard Java Mail API (https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html)
At the moment I do have an Exchange account and my application is working with STARTTLS & Auth. Mechanisms LOGIN & PLAIN to send mails.
The thing I cannot test is SSL (instead of STARTTLS) and NTLM as the Auth. Mechanism. The exchange server is not my own and I cannot have it configured to be working with these settings.
Does anyone know a way to set up a local mail server so I can test a configuration using SSL & NTLM?
Edit:
I tried hMailServer to test at least the SSL setting but I came across the following problem:
IMAP/SMTP over SSL (using my own SSL cert) is working fine until I uncheck TLS v1, v1.2 & v1.2 in Settings -> Advanced -> SSL/TLS.
The hMailServer logfile shows that the connection upon sending mails (using Thunderbird with 2 accounts added) is always using TLS.
I would want the connection to run on SSL v3.0 (I know it's not the best option but I want to give my application the option to use SSL instead of TLS anyway)
How can I get the connection to be using SSL v3.0?
You can try installing hMailServer in Windows.
https://www.hmailserver.com or you can try setting up SMTP in Windows 8.
http://www.neatcomponents.com/enable-SMTP-in-Windows-8

Remote Host closed connection during handshake while connecting to ISA server from SOAP UI

We are trying to connect to an ISA server over HTTPS from the SOAP UI client. The ISA server redirects the URL to the required Windows server within the organization.
When you send a request from the SOAP UI client, we get a "Remote host closed connection during handshake" error.
We have not changed any parameters on the SOAP UI client or, as read in a few other blogs, imported any certificates. Is importing a certificate mandatory?
How do we go about getting a successful connection?
-Anand
The issue is resolved. The certificate on the ISA server was not deployed properly. The network admin team re-deployed the certificates and the rule works fine.
