[Date Prev][Date Next]
Re: Forcing SSLv3 with Openldap 2.0.11
Thanks much. Just so I'm clear on what you're suggesting I do..
Do you mean that I should just change the SSLv23_method() in tls.c and
rebuild the openldap libs or do you mean I should do my own tls_def_ctx over
rides in the source code of the program I'm working with?
On Wed, Oct 03, 2001 at 07:28:46PM -0700, Howard Chu wrote:
> Doesn't look like anything you can configure in ldap.conf. The only way I
> see to do this is to override the tls_def_ctx that the library creates. You
> do this by creating your own context and setting it with
> SSL_CTX *ctx = SSL_CTX_new(SSLv3_method());
> /* ... many other context initializations ... */
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CTX, ctx );
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Scott Russell
> > Sent: Wednesday, October 03, 2001 7:12 PM
> > To: openldap-software@OpenLDAP.org
> > Subject: Forcing SSLv3 with Openldap 2.0.11
> > How do I force SSLv3 with openldap 2.0.11 libs? It appears from looking at
> > openldap/libraries/libldap/tls.c that SSLv23 is used by default
> > with no way
> > to change this.
> > I understand that in a perfect world SSLv23 would work but with
> > the internal
> > LDAP server, which is arguably broken, SSLv23 fails while SSLv3 works.
> > Something I can add to /etc/ldap.conf perhaps?
> > Thanks for the help
Scott Russell (firstname.lastname@example.org)
Linux Technology Center, System Admin, RHCE.
T/L 441-9289 / External 919-543-9289