[Date Prev][Date Next]
RE: Require SSL transport?
At 02:45 PM 2/2/01 -0500, Justin Hahn wrote:
>> This says "require 128 bits of encryption." This encryption can be
>> provided by any layer (SASL, TLS, or transport). If the protection
>> is not present, only operations commands which can be used to initiate
>> such protections (e.g Start TLS) are allowed.
>OK, so if I specify
>then I am guaranteed to get at least 128 bits of encryption for ALL access,
>TLS, or am I mistaken? Or would this require 128 bits no more no less?
>If that's the case, is there a >= function?
The directive requires protection by a TLS cipher of strength
128 or better.
>> You can use ACLs to restrict simple authentication, for example:
>> access to attrs=userPassword
>> by ssf=112 auth
>> by ssf=128 self write
>> by * none
>I see! So it's a literal equals... This explains a lot.
Like other SSFs, the restriction requires N or better.