[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls

To: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Subject: Re: tls
From: Mark <mark@rusautogaz.ru>
Date: Fri, 14 Nov 2003 12:56:08 +0300
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20031113174236.GI11064@brick.skills-1st.co.uk>
References: <3FB3751A.9090705@rusautogaz.ru> <20031113174236.GI11064@brick.skills-1st.co.uk>

Andrew Findlay wrote:

On Thu, Nov 13, 2003 at 03:12:10PM +0300, Mark wrote:
in slapd.conf piece:
TLSCipherSuite  HIGH:MEDIUM:+SSLv3
TLSCACertificateFile    /usr/local/ssl/misc/demoCA/cacert.pem
TLSCertificateFile      /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
TLSCertificateKeyFile   /usr/local/ssl/misc/demoCA/private/wolfkey.pem
TLSVerifyClient demand
start slpad server on -h ldap:///
Server starting and I can connecting to him through 389 port. Why I can connect to this server? My client on other host does not know about tls.
TLS is an option in the LDAP protocol. A 'normal' LDAP connection can
be upgraded with TLS to apply encryption and/or authentication, but it
is quite possible to use the connection without either.
If you want to *require* encryption you need to add security strength factors to slapd.conf - see the 'security' section of the slapd.conf manpage.

Thanks , its worked.

I insert this string in slapd.conf
security tls=112
its true?
Now all traffic between client host and slapd server encrypted ?

Follow-Ups:
- Re: tls
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

References:
- tls
  - From: Mark <mark@rusautogaz.ru>
- Re: tls
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: Common Address Book
Next by Date: Access control replication
Index(es):
- Chronological
- Thread