
TLS which port?



When I do TLS which port should I use?

I am using GQ and on port 389 TLS works fine.

If I switch to port 636, it bombs out with the error message

Couldn't enable TLS on the LDAP connection: Can't connect LDAP server

OpenLDAP 2.0.7 returns the following debug info

connection_get(8)
connection_get(8): got connid=2
connection_read(8): checking for input on id=2
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:557
connection_read(8): TLS accept error error=-1 id=2, closing
connection_closing: readying conn=2 sd=8 for close
connection_close: conn=2 sd=8

What security issues are there running TLS on port 389?

Using ethereal to snoop the network I don't see anything, but I'd like to
double check.

Should TLS work on port 636?


Here are some other tests:

# ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI

# ldapsearch -H ldaps:/// -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN

# ldapsearch -h localhost -p 389 -x -b "" -s base -LLL -ZZ supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN

-- 
Bob Tanner <tanner@real-time.com>       | Phone : (952)943-8700
http://www.mn-linux.org                 | Fax   : (952)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
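The two ways of putting TLS on LDAP differ in what the first bytes on the socket look like, which is exactly what the slapd trace above is complaining about. An ldaps:// listener (conventionally port 636) expects a TLS handshake record from the first byte; a plain ldap:// listener (conventionally port 389) expects a BER-encoded LDAPMessage, and the client upgrades to TLS by sending a StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 2830/4511) and waiting for the server's response. "SSL23_GET_CLIENT_HELLO:unknown protocol" is OpenSSL's way of saying that the bytes it was handed in SSL_accept were not a TLS or SSLv2 hello at all. The script below is an added illustration, not code from the original post, from GQ or from the OpenLDAP project. It builds the two kinds of opening bytes as constructed samples (the StartTLS request is a correct RFC 4511 encoding; the TLS sample is only the record and handshake headers, not a full ClientHello), classifies what a listener would see, and reports whether the client's choice matches the listener's mode. The mode names "ldaps" and "ldap" passed to diagnose() are this example's own convention.

```python
"""Classify the opening bytes of an LDAP connection and explain mode mismatches.

Added example (not from the mailing-list post or OpenLDAP). The BER tags are
the real LDAP ones from RFC 4511: LDAPMessage is SEQUENCE (0x30), messageID
is INTEGER (0x02), ExtendedRequest is [APPLICATION 23] (0x77) and its
requestName is [0] (0x80). The sample TLS bytes are constructed headers only.
"""
import struct

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def build_starttls_request(message_id: int = 1) -> bytes:
    """Plaintext LDAPMessage carrying a StartTLS ExtendedRequest (message_id < 128 assumed)."""
    request_name = tlv(0x80, STARTTLS_OID)      # [0] requestName LDAPOID
    extended_req = tlv(0x77, request_name)      # [APPLICATION 23] ExtendedRequest
    msg_id = tlv(0x02, bytes([message_id]))     # INTEGER messageID
    return tlv(0x30, msg_id + extended_req)     # SEQUENCE LDAPMessage


def build_tls_record_start(version=(3, 1)) -> bytes:
    """Constructed opening bytes of an ldaps:// connection: a TLS Handshake
    record (content type 0x16) wrapping a client_hello(1) handshake header.
    Real ClientHellos carry a random, cipher suites and extensions; this
    sample keeps a zero-length body because only the headers matter here."""
    handshake = b"\x01" + (0).to_bytes(3, "big")   # HandshakeType client_hello, 24-bit length
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def classify_first_bytes(data: bytes) -> str:
    """Say what protocol the first bytes on a socket belong to."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"                      # TLS record, major version 3
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"                 # SSLv2-style hello (length with high bit set)
    if data[:1] == b"\x30":
        return "ldap-plaintext"                     # BER SEQUENCE: an LDAPMessage
    return "unknown"


def read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at buf[pos]; return (tag, content, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def extended_request_oid(data: bytes):
    """Return the requestName OID if data is a plaintext LDAP ExtendedRequest, else None."""
    if classify_first_bytes(data) != "ldap-plaintext":
        return None
    try:
        _, body, _ = read_tlv(data, 0)              # LDAPMessage
        tag, _, pos = read_tlv(body, 0)             # messageID
        if tag != 0x02:
            return None
        tag, op, _ = read_tlv(body, pos)            # protocolOp
        if tag != 0x77:
            return None
        tag, name, _ = read_tlv(op, 0)              # [0] requestName
        return name.decode("ascii") if tag == 0x80 else None
    except (IndexError, UnicodeDecodeError):
        return None                                 # truncated or malformed message


def diagnose(port_mode: str, first_bytes: bytes) -> str:
    """port_mode is the listener's expectation: "ldaps" (TLS from byte one,
    like slapd's ldaps:/// listener) or "ldap" (plaintext LDAP, StartTLS optional)."""
    kind = classify_first_bytes(first_bytes)
    oid = extended_request_oid(first_bytes)
    if port_mode == "ldaps":
        if kind in ("tls-handshake", "sslv2-client-hello"):
            return "ok: TLS handshake on an ldaps listener"
        if oid == STARTTLS_OID.decode():
            return ("mismatch: plaintext StartTLS request sent to an ldaps listener; "
                    "the TLS layer sees a non-TLS record and reports 'unknown protocol'")
        return "mismatch: non-TLS bytes on an ldaps listener"
    if port_mode == "ldap":
        if oid == STARTTLS_OID.decode():
            return "ok: StartTLS request on a plaintext listener; TLS starts after the extended response"
        if kind == "ldap-plaintext":
            return "plaintext LDAP without StartTLS: binds and data cross the wire unencrypted"
        if kind in ("tls-handshake", "sslv2-client-hello"):
            return "mismatch: TLS handshake sent to a plaintext LDAP listener; the BER decoder will reject it"
        return "unknown bytes on a plaintext listener"
    raise ValueError(f"unknown port_mode {port_mode!r}")


if __name__ == "__main__":
    for mode, opener in (("ldap", build_starttls_request()), ("ldaps", build_starttls_request()),
                         ("ldaps", build_tls_record_start()), ("ldap", build_tls_record_start())):
        print(f"{mode:5s} <- {classify_first_bytes(opener):18s} {diagnose(mode, opener)}")
```

Run stand-alone it prints the four combinations; the two "mismatch" lines are the ones that correspond to a client doing StartTLS against an ldaps listener, or speaking TLS first to a plain listener. The same classifier can be pointed at the first bytes of a captured session to tell at a glance which of the two modes a client actually used, which is the distinction a packet capture on 389 versus 636 is meant to settle.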