
RE: StartTLS downgrading



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Timothy H Folks

> I found the following note in the LDAP tips section of Sun's JNDI
> tutorial:
>
> Note 2: The OpenLDAP server, upon receiving the tls.close(), will shut
> down the connection instead of downgrading it to a plain connection.
>
> Is this still true?

Yes. The RFC never mandated a particular behavior for this operation.
OpenLDAP just does whatever OpenSSL does. OpenSSL's "close" function tears
down the SSL session and closes the socket.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support