[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5655) add option for setting minimum TLS/SSL protocol

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5655) add option for setting minimum TLS/SSL protocol
From: guenther@sendmail.com
Date: Tue, 19 Aug 2008 18:01:41 GMT

On Fri, 15 Aug 2008, Philip Guenther wrote:
...
> That said, it's more important to me that *some* option gets in so that I 
> (and Sendmail) don't have to maintain forever a patch to add it.  If 
> someone 'official' will make a decision and simply state what the option 
> should look like in its three forms (C API, ldap.conf, slapd config), I'll 
> munge the patch to match.

Any opinions?

ldap.conf:
TLS_PROTOCOL_MIN <major>,<minor>

C:
struct ldap_tls_protocol { unsigned char major, minor; } val;
val.major = 3; val.minor=0;
ldap_set_option(ld, LDAP_OPT_TLS_PROTOCOL_MIN, &val);

?


(I'm running out of time to get _something_ into Sendmail's local copy, at 
which point I'll just commit something there and have to leave you guys to 
hack whatever you get around into the official repository.)


Philip Guenther

Prev by Date: Re: (ITS#5661) contextCSN gets corrupted on the stand by mirror
Next by Date: Re: (ITS#5655) add option for setting minimum TLS/SSL protocol
Index(es):
- Chronological
- Thread