Re: (ITS#5655) add option for setting minimum TLS/SSL protocol
guenther@sendmail.com wrote:
> On Fri, 15 Aug 2008, Philip Guenther wrote:
> ...
>> That said, it's more important to me that *some* option gets in so that I
>> (and Sendmail) don't have to maintain forever a patch to add it. If
>> someone 'official' will make a decision and simply state what the option
>> should look like in its three forms (C API, ldap.conf, slapd config), I'll
>> munge the patch to match.
>
> Any opinions?
>
> ldap.conf:
> TLS_PROTOCOL_MIN<major>,<minor>
Let's use US convention <major>.<minor>...
> C:
> struct ldap_tls_protocol { unsigned char major, minor; } val;
> val.major = 3; val.minor=0;
> ldap_set_option(ld, LDAP_OPT_TLS_PROTOCOL_MIN,&val);
I would just use an int, and have the caller OR in the appropriate values. You
could also define a few macros for the currently known versions.
What are the values for TLS1.1, 1.2, etc?
>
> ?
>
>
> (I'm running out of time to get _something_ into Sendmail's local copy, at
> which point I'll just commit something there and have to leave you guys to
> hack whatever you get around into the official repository.)
>
>
> Philip Guenther
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
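
Added example, not part of the original message and not OpenLDAP code: one way the single-int encoding suggested above could work, with the `<major>.<minor>` string from ldap.conf parsed into `(major << 8) | minor` so that a minimum-version check is a plain integer comparison. The `EX_`/`ex_` names are hypothetical; the version numbers are the protocol's wire values (SSL 3.0 = 3.0, TLS 1.0 = 3.1, TLS 1.1 = 3.2, TLS 1.2 = 3.3).

```c
#include <ctype.h>
#include <stdlib.h>

/* Hypothetical names. Packed form: major in the high byte, minor in the low byte. */
#define EX_TLS_PROTO(major, minor) (((major) << 8) | (minor))
#define EX_TLS_PROTO_SSL3   EX_TLS_PROTO(3, 0)
#define EX_TLS_PROTO_TLS1_0 EX_TLS_PROTO(3, 1)
#define EX_TLS_PROTO_TLS1_1 EX_TLS_PROTO(3, 2)
#define EX_TLS_PROTO_TLS1_2 EX_TLS_PROTO(3, 3)

/* Parse one decimal field in 0..255 and advance *p past it. 0 on success. */
static int ex_parse_octet(const char **p, int *out)
{
    char *end;
    long v;

    if (!isdigit((unsigned char)**p))   /* rejects "", "+3", "-3", " 3" */
        return -1;
    v = strtol(*p, &end, 10);
    if (v > 255)                        /* also catches strtol overflow */
        return -1;
    *out = (int)v;
    *p = end;
    return 0;
}

/* Parse "<major>.<minor>" into the packed int. Returns 0, or -1 if malformed,
 * so a typo in the config fails closed instead of silently setting no floor. */
int ex_tls_proto_parse(const char *s, int *packed)
{
    int major, minor;

    if (s == NULL || ex_parse_octet(&s, &major) != 0)
        return -1;
    if (*s++ != '.')
        return -1;
    if (ex_parse_octet(&s, &minor) != 0 || *s != '\0')
        return -1;
    *packed = EX_TLS_PROTO(major, minor);
    return 0;
}

/* Nonzero if the negotiated version meets the configured minimum. */
int ex_tls_proto_allowed(int negotiated, int minimum)
{
    return negotiated >= minimum;
}
```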