[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5655) add option for setting minimum TLS/SSL protocol

On Fri, 15 Aug 2008, Philip Guenther wrote:
> That said, it's more important to me that *some* option gets in so that I 
> (and Sendmail) don't have to maintain forever a patch to add it.  If 
> someone 'official' will make a decision and simply state what the option 
> should look like in its three forms (C API, ldap.conf, slapd config), I'll 
> munge the patch to match.

Any opinions?

TLS_PROTOCOL_MIN <major>,<minor>

struct ldap_tls_protocol { unsigned char major, minor; } val;
val.major = 3; val.minor=0;
ldap_set_option(ld, LDAP_OPT_TLS_PROTOCOL_MIN, &val);


(I'm running out of time to get _something_ into Sendmail's local copy, at 
which point I'll just commit something there and have to leave you guys to 
hack whatever you get around into the official repository.)

Philip Guenther