Jenkins: JENKINS-67580

startTLS failure leaves connection unencrypted


      The AD plugin in LDAP mode can use startTLS to upgrade a plain-text connection to a secure one.

      However, if this upgrade fails, the connection reverts to a plain-text one.

      This is actually documented; however, it is somewhat at odds with the flag from SECURITY-1389.

      As an AD server may not be exposed on the SSL ports but only on the plain-text port with upgrades, there may be no way for a user to configure the AD plugin to use an encrypted LDAP connection.
      (requireTLS forces the connection to use the SSL port.)

      Rather, if both startTLS and requireTLS are set, then the upgrade should be done with the START_TLS command and, on any failure, the connection should abort.

      Documentation would need to be changed accordingly.

fbelzunc Félix Belzunce Arcos
teilo James Nord
Votes: 1
Watchers: 3