After updating from 3.9.3 to 4.3.2.0, the server sends the list of Distinguished CA Names in the SERVER HELLO.
The registry was not changed.
System: Windows Server 2012 R2 Standard
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Value name: SendTrustedIssuerList
Value type: REG_DWORD
Value data: 0 (False)
Value name: ClientAuthTrustMode
Value type: REG_DWORD
Value data: 2
How can I deactivate Distinguished CA Names in the SERVER HELLO?
I changed the parameters:
xmpp.server.certificate.accept-selfsigned
xmpp.client.certificate.accept-selfsigned
The Distinguished Names are not empty in 4.3.2.
When true, ServerTrustManager.getAcceptedIssuers and ClientTrustManager.getAcceptedIssuers must send an empty array:
// ServerTrustManager
public X509Certificate[] getAcceptedIssuers() {
    if (JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_ACCEPT_SELFSIGNED_CERTS, false)) {
        // Answer an empty list since we accept any issuer
        return new X509Certificate[0];
    }
    // ... (rest of the method is not shown in the post)
}

// ClientTrustManager
public X509Certificate[] getAcceptedIssuers() {
    if (JiveGlobals.getBooleanProperty("xmpp.client.certificate.accept-selfsigned", false)) {
        // Answer an empty list since we accept any issuer
        return new X509Certificate[0];
    }
    // ... (rest of the method is not shown in the post)
}