From 2cf46088b7e69b4f424a821291607afe6faa7e4f Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Fri, 30 Jul 2021 14:08:39 +0000
Subject: [PATCH] Add FIPS support (#176)

---
 opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionWrapper.java |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionWrapper.java b/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionWrapper.java
index 12a1de1..341b9fc 100644
--- a/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionWrapper.java
+++ b/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionWrapper.java
@@ -26,6 +26,7 @@
 import java.io.Closeable;
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 
 import javax.net.ssl.KeyManager;
@@ -152,9 +153,18 @@
     if (isLdaps || isStartTls)
     {
       try {
-        options.set(SSL_CONTEXT, getSSLContext(trustManager, keyManager))
+    	SSLContext sslContext = getSSLContext(trustManager, keyManager);
+
+    	List<String> defaultProtocols;
+    	if (trustManager == null) {
+    		defaultProtocols = ConnectionFactoryProvider.getDefaultProtocols();
+    	} else {
+    		defaultProtocols = ConnectionFactoryProvider.getDefaultProtocols(sslContext);
+    	}
+
+    	options.set(SSL_CONTEXT, sslContext)
                 .set(SSL_USE_STARTTLS, isStartTls)
-                .set(SSL_ENABLED_PROTOCOLS, ConnectionFactoryProvider.getDefaultProtocols());
+                .set(SSL_ENABLED_PROTOCOLS, defaultProtocols);
       } catch (NoSuchAlgorithmException e) {
           throw newLdapException(CLIENT_SIDE_PARAM_ERROR, "Unable to perform SSL initialization:" + e.getMessage());
       }
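Review bot: The `if (trustManager == null)` branch picks the enabled-protocol list by whether a trust manager was supplied, but `sslContext` is built on both paths and nothing here says why the context-derived list is skipped when the trust manager is null. If the no-argument `getDefaultProtocols()` can return protocols that the context's provider does not offer (plausible under a FIPS provider, though not visible in this hunk), that path may request a protocol outside the approved set or fail the handshake. Either call `ConnectionFactoryProvider.getDefaultProtocols(sslContext)` unconditionally, or add a comment such as `// no trust manager: fall back to the static protocol list because ...` stating the reason. The added lines are also tab-indented while the surrounding code uses spaces. The enclosing method starts and ends outside the hunk.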

--
Gitblit v1.10.0