
Re: tls



Andrew Findlay wrote:

On Thu, Nov 13, 2003 at 03:12:10PM +0300, Mark wrote:



A piece of slapd.conf:
TLSCipherSuite  HIGH:MEDIUM:+SSLv3
TLSCACertificateFile    /usr/local/ssl/misc/demoCA/cacert.pem
TLSCertificateFile      /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
TLSCertificateKeyFile   /usr/local/ssl/misc/demoCA/private/wolfkey.pem
TLSVerifyClient demand

I start the slapd server with -h ldap:///

The server starts and I can connect to it through port 389.
Why can I connect to this server? My client on the other host does not know about TLS.



TLS is an option in the LDAP protocol. A 'normal' LDAP connection can be upgraded with TLS to apply encryption and/or authentication, but it is quite possible to use the connection without either.

If you want to *require* encryption you need to add security strength
factors to slapd.conf - see the 'security' section of the slapd.conf
manpage.


Thanks, it worked.

I inserted this string in slapd.conf:
security tls=112
Is that right?
Is all traffic between the client host and the slapd server now encrypted?
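
Added example, not part of the thread or of OpenLDAP: a small checker for the point made above, that the TLS* directives only enable TLS while a 'security' line is what requires it. It looks only at global 'security' lines (those before the first 'database' directive); the function names and the treatment of repeated factors are assumptions of this sketch.

```python
# Added example: audit a slapd.conf for the 'security' directive from the thread.
FACTORS = {"ssf", "transport", "tls", "sasl", "update_ssf", "update_transport",
           "update_tls", "update_sasl", "simple_bind"}  # names from slapd.conf(5)

def logical_lines(text):
    """Drop '#' comments and blank lines; join lines that start with whitespace."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()   # continuation of the previous line
        else:
            lines.append(raw.strip())
    return lines

def security_factors(conf_text):
    """Factors set by global 'security' lines (before the first 'database')."""
    factors = {}
    for line in logical_lines(conf_text):
        words = line.split()
        directive = words[0].lower()
        if directive == "database":
            break
        if directive != "security":
            continue
        for item in words[1:]:
            name, _, value = item.partition("=")
            if name.lower() not in FACTORS or not value.isdigit():
                raise ValueError(f"unrecognised security factor: {item!r}")
            factors[name.lower()] = int(value)  # assumption: last value wins
    return factors

def encryption_required(conf_text):
    """True if operations need an SSF above 1 (an SSF of 1 is integrity only)."""
    f = security_factors(conf_text)
    return max(f.get("ssf", 0), f.get("transport", 0), f.get("tls", 0)) > 1

# The configuration quoted in the thread, then the same with the added line.
THREAD_CONF = """\
TLSCipherSuite  HIGH:MEDIUM:+SSLv3
TLSCACertificateFile    /usr/local/ssl/misc/demoCA/cacert.pem
TLSCertificateFile      /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
TLSCertificateKeyFile   /usr/local/ssl/misc/demoCA/private/wolfkey.pem
TLSVerifyClient demand
"""
FIXED_CONF = THREAD_CONF + "security tls=112\n"

if __name__ == "__main__":
    print(encryption_required(THREAD_CONF), encryption_required(FIXED_CONF))
```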