
RE: StartTLS downgrading



"Howard Chu" <hyc@highlandsun.com> wrote on 02/23/2003 06:30:53 PM:

> Yes. The RFC never mandated a particular behavior for this operation.
> OpenLDAP just does whatever OpenSSL does. OpenSSL's "close" function tears
> down the SSL session and closes the socket.

It would be really nice if it did so. I have a directory where the 
passwords must be encrypted. From what I know of all the SASL 
authentication mechanisms, they need to be able to read the password, 
which they cannot. That leaves us with encrypting the wire and using plain 
authentication. Falling back to an unencrypted state after sending the 
authentication information would be nice.

Am I mistaken about the SASL requirements?

Tim