[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5655) add option for setting minimum TLS/SSL protocol

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5655) add option for setting minimum TLS/SSL protocol
From: guenther+ldapdev@sendmail.com
Date: Fri, 15 Aug 2008 06:09:33 GMT

On Thu, 14 Aug 2008, Michael Ströder wrote:
> Philip Guenther wrote:
...
> > They also have the "SSLProtocol" directive, further down on that page.  
> 
> Then I'd vote for doing it exactly like this with one option (space- or
> comma-separated list of protocols).

As I mentioned in the ITS, I think treating the various protocol versions 
as independently choosable is a Bad Thing, as it permits broken settings 
with no corresponding gain.

That said, it's more important to me that *some* option gets in so that I 
(and Sendmail) don't have to maintain forever a patch to add it.  If 
someone 'official' will make a decision and simply state what the option 
should look like in its three forms (C API, ldap.conf, slapd config), I'll 
munge the patch to match.

Philip Guenther

Prev by Date: Re: (ITS#5640) slapd scans too many objects at startup
Next by Date: (ITS#5657) Broken symlinks in /etc/ssl/certs prevent ssl connection
Index(es):
- Chronological
- Thread