[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Require SSL transport?

At 02:45 PM 2/2/01 -0500, Justin Hahn wrote:
>> This says "require 128 bits of encryption."  This encryption can be
>> provided by any layer (SASL, TLS, or transport).  If the protection
>> is not present, only operations commands which can be used to initiate
>> such protections (e.g Start TLS) are allowed.
>OK, so if I specify 
>security tls=128
>then I am guaranteed to get at least 128 bits of encryption for ALL access,
>TLS, or am I mistaken? Or would this require 128 bits no more no less? 
>If that's the case, is there a >= function?

The directive requires protection by a TLS cipher of strength
128 or better.

>> You can use ACLs to restrict simple authentication, for example:
>>         access to attrs=userPassword
>>                 by ssf=112 auth
>>                 by ssf=128 self write
>>                 by * none
>I see! So it's a literal equals... This explains a lot.

Like other SSFs, the restriction requires N or better.