![]() ![]() The way Socket.createSocket() is used results in an SSLSocket without the hostname set in it. We have found there is a problem with the way Java creates LDAPS connections. This change is a security feature of Java. This was a security vulnerability because an attacker that gained control of DNSĬould route traffic to their own server. Previously the JVM would do a reverse lookup of the hostname using the IP then complete the connection using that hostname. As of Java 1.8u51+ (also 1.7.0_85+ and 1.6.0_101+) making SSL connections to an IP address is no longer allowed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |