Re: SSL3 alert write:fatal:unknown CA



At 02:27 PM 6/26/2003, Quanah Gibson-Mount wrote:
>Pierre, SSL and TLS are essentially the same thing.  OpenLDAP does SSL+TLS on port 389.  By specifying ldaps://, you request that it make an encrypted call to the OpenLDAP server, via SSL/TLS encryption. 

As has been noted many times on the list and in the FAQ and other
documentation, this is quite correct.

TLS and SSL are just different names for the same thing, just that
the version is a bit confused between them (kind of like
SunOS versus Solaris versioning).

There are two mechanisms to initiate the negotiation of
TLS/SSL protections in LDAP:
        1) StartTLS
        2) ldaps://

The former is the standard track mechanism (RFC 2830).
The latter is a common, undocumented practice.

BTW, the s in ldaps:// does not stand for SSL.  See www.iana.org.

Kurt