RE: StartTLS downgrading
"Howard Chu" <hyc@highlandsun.com> wrote on 02/23/2003 06:30:53 PM:
> Yes. The RFC never mandated a particular behavior for this operation.
> OpenLDAP just does whatever OpenSSL does. OpenSSL's "close" function tears
> down the SSL session and closes the socket.
It would be really nice if it did so. I have a directory where the
passwords must be encrypted. From what I know of all the SASL
authentication mechanisms, they need to be able to read the password,
which they cannot. That leaves us with encrypting the wire and using plain
authentication. Falling back to an unencrypted state after sending the
authentication information would be nice.
Am I mistaken about the SASL requirements?
Tim