Re: SSL/TLS Question
Do you have the option of configuring the server to allow only
TLS-encrypted traffic? You can do that by adding "security tls=???
ssf=???" in the slapd.conf file, where "???" is replaced by encryption
levels (e.g. 112 and 128). That will force clients (both in and out of
your control) to use TLS/SSL. (Setting security this way will allow both
LDAPS and LDAP w/ Start TLS)
Matt
On Fri, 2003-05-09 at 13:33, Nick Couchman wrote:
> I'm trying to get SSL/TLS working on LDAP. I want to force the clients
> to use SSL or TLS to connect. The admin guide (yes, I have read it)
> says that TLS hard on the client side is the same as using ldaps:// all
> the time and is deprecated. If I take out the TLS hard option and don't
> specify -ZZ on the command line for something like an ldapsearch, it
> sends everything in clear text. How can I force the clients to connect
> securely without using "TLS hard" or am I misunderstanding this?
>
> --Nick
--
M Butcher <mbutcher@grcomputing.net>
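
An added example, not part of the original thread: a small Python check that reads a slapd.conf, finds the `security` directive described in the reply above, and reports `tls=`/`ssf=` factors that are missing from the global section or set below a chosen minimum. The sample configuration, the function names and the 128 threshold are assumptions made for illustration.

```python
# Added example; SAMPLE_CONF is constructed and the 128 minimum is an assumption.
SAMPLE_CONF = """\
# global section
TLSCertificateFile /etc/openldap/server.crt
security tls=128
  ssf=128
database bdb
suffix "dc=example,dc=com"
security ssf=56
"""

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments/blanks."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return [l for l in lines if l.strip() and not l.startswith("#")]

def security_factors(text):
    """Return {section: {factor: value}} for each 'security' directive found."""
    section, n, found = "global", 0, {}
    for line in logical_lines(text):
        words = line.split()
        if words[0].lower() == "database":
            n, section = n + 1, f"database{n + 1}"
        elif words[0].lower() == "security":
            for word in words[1:]:
                name, _, value = word.partition("=")
                if value.isdigit():
                    found.setdefault(section, {})[name.lower()] = int(value)
    return found

def audit(text, minimum=128):
    """List tls=/ssf= factors missing globally or set below `minimum` anywhere."""
    found, problems = security_factors(text), []
    for name in ("tls", "ssf"):
        if name not in found.get("global", {}):
            problems.append(f"global: no {name}= factor set")
    for section, factors in found.items():
        for name, value in factors.items():
            if name in ("tls", "ssf") and value < minimum:
                problems.append(f"{section}: {name}={value} is below {minimum}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```
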