[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: StartTLS downgrading

To: "'Timothy H Folks'" <Timothy.Folks@edgescape.com>, <openldap-software@OpenLDAP.org>
Subject: RE: StartTLS downgrading
From: "Howard Chu" <hyc@highlandsun.com>
Date: Sun, 23 Feb 2003 16:30:53 -0800
Importance: Normal
In-reply-to: <OF6918E440.39E2ECA6-ON86256CD6.0082C1A7-86256CD6.0082E331@edgescape.com>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Timothy H Folks

> I found the following note in the LDAP tips section of Sun's JNDI
> tutorial:
>
> Note 2: The OpenLDAP server, upon receiving the tls.close(),
> will shut
> down the connection instead of downgrading it to a plain connection.
>
> Is this still true?

Yes. The RFC never mandated a particular behavior for this operation.
OpenLDAP just does whatever OpenSSL does. OpenSSL's "close" function tears
down the SSL session and closes the socket.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: StartTLS downgrading
  - From: Timothy H Folks <Timothy.Folks@edgescape.com>
- RE: StartTLS downgrading
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- StartTLS downgrading
  - From: Timothy H Folks <Timothy.Folks@edgescape.com>

Prev by Date: RE: [LDAP-SOFTWARE] ACLand regex (matching self)
Next by Date: RE: StartTLS downgrading
Index(es):
- Chronological
- Thread