[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLdap 2.4.17 and openssl 0.9.8l and datagram-based TLS

To: Robert Hanson <Robert.Hanson@calabrio.com>
Subject: Re: OpenLdap 2.4.17 and openssl 0.9.8l and datagram-based TLS
From: Howard Chu <hyc@symas.com>
Date: Wed, 18 Nov 2009 11:47:22 -0800
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <7A4A1C3056D0EB46BD030FF762B77BFA12C2B1DD5F@calex01.Calabrio.ld>
References: <7A4A1C3056D0EB46BD030FF762B77BFA12C2B1DD5F@calex01.Calabrio.ld>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9.1.5pre) Gecko/20091025 Lightning/1.0pre SeaMonkey/2.0a1pre Firefox/3.0.3

Robert Hanson wrote:
> Our customer is requiring us to use openssl 0.9.8l   They have
> determined that there is a problem with datagram based TLS; as long as
> we’re not using datagram-based TLS for communication to slapd, we can go
> ahead and approve this.

Please read this post

http://www.openldap.org/lists/openldap-software/200911/msg00102.html

and explain to your customer that OpenSSL 0.9.8l is broken and using it will
result in hung connections. Nobody should be using it. 0.9.8m will probably be
released soon due to the issues in 0.9.8l.

> How do I find out if I’m using datagram-based TLS?  Is it something in
> the slapd.conf file or is it something in the build of openldap?  Or is
> it just not an issue?

It is not an issue. LDAP is a connection-oriented protocol, not datagram-based.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- OpenLdap 2.4.17 and openssl 0.9.8l and datagram-based TLS
  - From: Robert Hanson <Robert.Hanson@Calabrio.com>

Prev by Date: Re: Query performance degrades over time.
Next by Date: Password Troubles
Index(es):
- Chronological
- Thread