RE: TSL / SSL
I'm a little confused by the word "deprecated" here in reference to ldaps. I thought ldaps was ssl encrypted openldap traffic? I guess I'm not understanding what the proper way to configure openldap and/or initiate encrypted traffic is based on this statement. Pointers to documentation more than welcome.
Thanks,
Jason
-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Sat 6/15/2002 9:33 PM
To: Benoit LEROYER
Cc: Informations; openldap-software@OpenLDAP.org
Subject: Re: TSL / SSL
At 10:07 AM 2002-06-14, Benoit LEROYER wrote:
>What is the difference between starttls and ldaps?
Start TLS (RFC 2830) is the standard track mechanism,
an LDAP operation, used to establish TLS.
ldaps:// is a deprecated, non-standard track mechanism
for establishing TLS based upon mutually agreed upon
TCP service ports.
OpenLDAP supports both mechanisms.
Kurt
>Kurt D. Zeilenga wrote:
>
>>At 09:46 AM 2002-06-14, Informations wrote:
>>
>>>If I use only the ldaps protocol (openldap compiled with openssl) with crypt Userpassword, is it secure?
>>>If not, what is the better solution?
>>Better, as in stronger? The strongest authentication
>>mechanism supported by OpenLDAP is StartTLS+SASL/EXTERNAL.
>>
>
>
>--
>------------------------------------------
>Benoit LEROYER - G.I.D.E (benoit@gide.net)
>Tél : 02.40.89.92.87
>Web : http://www.gide.net
>------------------------------------------
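As an added illustration that is not part of the original thread: the sketch below builds the Start TLS extended request that a client sends as an ordinary LDAP message on an already-open connection, and checks the server's reply before any TLS handshake is allowed. With ldaps:// there is no such exchange, because TLS starts as soon as the TCP connection to the dedicated port opens. The function names are hypothetical and the server replies are constructed samples.

```python
# Added example, not from the thread. Tags follow the LDAP ASN.1 (RFC 2251/2830).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # Start TLS request name

def tlv(tag, value):
    """Encode one BER tag-length-value (short-form length is enough here)."""
    if len(value) >= 0x80:
        raise ValueError("value too long for this example encoder")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length encoding")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + n], pos + n

def starttls_request(message_id=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    if not 0 < message_id < 128:
        raise ValueError("example encodes one-byte message IDs only")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def starttls_result(response):
    """Return (message_id, resultCode) from an [APPLICATION 24] ExtendedResponse."""
    tag, msg, _ = read_tlv(response)
    id_tag, mid, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    code_tag, code, _ = read_tlv(op)
    if (tag, id_tag, op_tag, code_tag) != (0x30, 0x02, 0x78, 0x0A):
        raise ValueError("not an ExtendedResponse")
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big")

def may_start_handshake(response, expected_id):
    """Only success(0) answering our own request permits the TLS handshake."""
    mid, code = starttls_result(response)
    return mid == expected_id and code == 0

def sample_response(message_id, result_code):
    """Constructed server reply for testing (not captured traffic)."""
    result = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x78, result + tlv(0x8A, STARTTLS_OID)))
```

A client that receives anything other than success should close the connection rather than continue in cleartext; otherwise a stripped or refused Start TLS silently downgrades the session.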