Is TLS broken?



I understand that TLS is composed of two parts: the Record Protocol and the Handshake Protocol.

My experience so far leads me to believe that the Handshake Protocol is not implemented. You can put any certificate in and there's no verification at the other end. Have I missed something?

This is important, because it would then be possible to recover the username/password that a replicating server was using (for example).

Are there any alternatives to this? Currently, using SSL wrappers (like sslwrap) or ssh seems to be the correct solution.