Re: SSL/TLS



At 06:23 PM 9/8/00 +0100, Ross Davis wrote:
>I successfully compiled OpenLDAP2.0.1 with the '--with-tls' option using
>the OpenSSL libraries. I haven't got around to testing it yet because I'm
>also trying to compile SAMBA-TNG2.6 alpha code with LDAP support first.
>What I'm wondering is does the '--with-tls' make OpenLDAP SSL-capable as
>well as TLS-capable, i.e., is there some negotiation done as to protocol??

Yes, upon StartTLS or ldaps://, OpenSSL will handle negotiation
as to the appropriate TLS or SSL version to use.  Normally,
TLSv1 (SSLv3) is selected over SSLv2 and SSLv2 over SSLv1.

        - Kurt