[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4082) TLS broken in OPENLDAP_REL_ENG_2_3_10?

> Good question. You're suggesting we should have left well enough alone
> and revert ITS#4072?

Should 4072 and 4082 be functionally related? (I assume there's a causal
relationship.) In 4072, the situation in question seems to be a completely
non-existent TLS configuration. In this one, though,

> TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3

and other TLS configuration directives occur. Therefore any change made by
4072 shouldn't apply to this situation. (It seems that it did in 2.3.10,
of course.)

Basically, I'm not saying revert 4072 -- I'm saying narrow the scope of
4072, because the way I read it, the old behavior should take place if
TLS* are configured and the changes of 4072 should only manifest iff TLS*
is not configured.