users@grizzly.java.net

StartTLS with SSLFilter

From: Bo Li <bo.l.li_at_oracle.com>
Date: Tue, 06 Apr 2010 16:58:55 -0500

Hi Alexey,

I'm trying to implement the LDAP StartTLS operation on the server side and
I'm running into a potential race condition. In LDAP, the client
initiates SSL/TLS with a StartTLS request in plain text. The server then
responds in plain text. If successful, the client initiates the SSL
handshake. Since responding in plain text and installing the SSLFilter
cannot occur atomically, there is a potential race condition. The
client could start the SSL handshake before the SSLFilter is installed.
Is there a way to install the SSLFilter first and bypass it for the last
plain text response to the client?

Thanks again
Bo
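
The ordering the question asks about, sketched as an added example that is not part of the original post and does not use Grizzly's API: a toy per-connection model switches the read path to TLS before the last plaintext response is written, and sends that response through a raw write that bypasses the TLS encoder. The class, method and message names are hypothetical, and it assumes one reader thread per connection.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;

/** Toy model of one connection; not Grizzly's API. All names are hypothetical. */
public class StartTlsOrdering {
    static final String STARTTLS_REQ = "STARTTLS";   // stands in for the LDAP extended request
    final AtomicBoolean tlsInbound = new AtomicBoolean(false);  // TLS active on the read path
    final AtomicBoolean tlsOutbound = new AtomicBoolean(false); // TLS active on the write path
    final List<String> wire = new ArrayList<>();     // what the client would see, in order
    final List<String> toTls = new ArrayList<>();    // inbound data handed to the TLS layer

    /** Called by the connection's single reader thread for each inbound message. */
    void onRead(String msg) {
        if (tlsInbound.get()) {          // once switched, everything inbound is TLS records
            toTls.add(msg);
            return;
        }
        if (STARTTLS_REQ.equals(msg)) {
            // 1. Switch the read path first. The client cannot send its ClientHello
            //    before it sees the response, and the response is not written yet.
            tlsInbound.set(true);
            // 2. Send the last plaintext response, bypassing the TLS encoder.
            writeRaw("STARTTLS-OK");
            // 3. Only now protect the write path.
            tlsOutbound.set(true);
        } else {
            write("plain-reply:" + msg);
        }
    }

    /** Normal write: wrapped by TLS once the write path is protected. */
    void write(String msg) { wire.add(tlsOutbound.get() ? "TLS(" + msg + ")" : msg); }

    /** Raw write used only for the StartTLS response. */
    void writeRaw(String msg) { wire.add(msg); }

    public static void main(String[] args) {
        StartTlsOrdering c = new StartTlsOrdering();
        c.onRead("bind");            // constructed sample traffic
        c.onRead(STARTTLS_REQ);
        c.onRead("ClientHello");     // arrives right after the response
        c.write("bind-result");
        System.out.println("wire  = " + c.wire);
        System.out.println("toTls = " + c.toTls);
    }
}
```

Because the read path is switched before the response leaves the server, a handshake message that arrives immediately after the response is already routed to the TLS layer rather than parsed as plaintext.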