Re: SSL/TLS/clear indication in logs?





--On Tuesday, September 27, 2005 11:28 AM -0500 Digant C Kasundra <digant@uta.edu> wrote:

Hello everyone,

I'm almost embarrassed to ask this question as I thought I had a clear
understanding of the logs but I'm puzzled.  I did three connections (did
a simple bind): (a) over port 389, no TLS; (b) over port 389 with TLS;
(c) over port 636.  But each time, the logs indicate the following:

BIND dn="uid=digant,cn=accounts,dc=uta,dc=edu" mech=SIMPLE ssf=0

I would think the ssf would be different from the times I used TLS.
What am I missing?

Hm, with TLS on 389, I see this:

Sep 27 10:32:08 ldap-test3.Stanford.EDU slapd[21702]: [ID 105384 local4.debug] conn=629 fd=60 TLS established tls_ssf=256 ssf=256

With SSL on 636, I see this:

Sep 27 10:33:28 ldap-test3.Stanford.EDU slapd[21702]: [ID 848112 local4.debug] conn=633 fd=60 ACCEPT from IP=171.64.19.55:33671 (IP=0.0.0.0:636)
Sep 27 10:33:28 ldap-test3.Stanford.EDU slapd[21702]: [ID 105384 local4.debug] conn=633 fd=60 TLS established tls_ssf=256 ssf=256



Note that this is on OpenLDAP 2.3.7.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
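
Added example (not part of the original message and not OpenLDAP code): the question above reports `ssf=0` on the simple BIND line in all three cases, so this example decides whether a bind was protected by correlating its `conn=` id with the `TLS established` line for the same connection. The log lines are constructed, and the `conn=N op=N` prefix on BIND lines and the `closed` line are assumed from slapd's stats-level logging.

```python
import re

# Constructed sample in the slapd syslog shape quoted in the thread; the
# "conn=N op=N BIND" prefix and "closed" line are assumed, not from the page.
SAMPLE_LOG = """\
Sep 27 10:31:02 ldap.example.edu slapd[21702]: conn=628 fd=60 ACCEPT from IP=192.0.2.10:33660 (IP=0.0.0.0:389)
Sep 27 10:31:02 ldap.example.edu slapd[21702]: conn=628 op=0 BIND dn="uid=alice,cn=accounts,dc=example,dc=edu" mech=SIMPLE ssf=0
Sep 27 10:31:03 ldap.example.edu slapd[21702]: conn=628 fd=60 closed
Sep 27 10:32:08 ldap.example.edu slapd[21702]: conn=629 fd=60 ACCEPT from IP=192.0.2.10:33665 (IP=0.0.0.0:389)
Sep 27 10:32:08 ldap.example.edu slapd[21702]: conn=629 fd=60 TLS established tls_ssf=256 ssf=256
Sep 27 10:32:08 ldap.example.edu slapd[21702]: conn=629 op=1 BIND dn="uid=alice,cn=accounts,dc=example,dc=edu" mech=SIMPLE ssf=0
Sep 27 10:33:28 ldap.example.edu slapd[21702]: conn=633 fd=60 ACCEPT from IP=192.0.2.10:33671 (IP=0.0.0.0:636)
Sep 27 10:33:28 ldap.example.edu slapd[21702]: conn=633 fd=60 TLS established tls_ssf=256 ssf=256
Sep 27 10:33:28 ldap.example.edu slapd[21702]: conn=633 op=0 BIND dn="uid=alice,cn=accounts,dc=example,dc=edu" mech=SIMPLE ssf=0
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+) \(IP=(\S+)\)")
TLS = re.compile(r"conn=(\d+) fd=\d+ TLS established tls_ssf=(\d+)")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=SIMPLE')
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed")


def simple_binds(lines):
    """Return (conn, dn, listener, tls_ssf) per simple bind; tls_ssf is 0 for
    cleartext and None when nothing about the connection was seen earlier."""
    conns, binds = {}, []
    for line in lines:
        if m := ACCEPT.search(line):
            conns[m[1]] = {"listener": m[3], "tls_ssf": 0}
        elif m := TLS.search(line):
            conns.setdefault(m[1], {"listener": None})["tls_ssf"] = int(m[2])
        elif m := BIND.search(line):
            c = conns.get(m[1], {"listener": None, "tls_ssf": None})
            binds.append((int(m[1]), m[2], c["listener"], c["tls_ssf"]))
        elif m := CLOSED.search(line):
            conns.pop(m[1], None)  # drop state so a later reuse of the id starts clean
    return binds


if __name__ == "__main__":
    for conn, dn, listener, ssf in simple_binds(SAMPLE_LOG.splitlines()):
        state = "UNKNOWN" if ssf is None else "CLEARTEXT" if ssf == 0 else f"tls_ssf={ssf}"
        print(f"conn={conn} listener={listener} {state} dn={dn}")
```
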