[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL3 alert write:fatal:unknown CA

At 02:27 PM 6/26/2003, Quanah Gibson-Mount wrote:
>Pierre, SSL and TLS are essentially the same thing.  OpenLDAP does SSL+TLS on port 389.  By specifying ldaps://, you request that it make an encrypted call to the OpenLDAP server, via SSL/TLS encryption. 

As has been noted many times on the list and in the FAQ and other
documentation, this is quite correct.

TLS and SSL are just different names for the same thing, just that
the version is a bit confused between them (kind of like of like
SunOS versus Solaris versioning).

There are two mechanisms to initiate the negotiation of
TLS/SSL protections in LDAP:
        1) StartTLS
        2) ldaps://

The former is the standard track mechanism (RFC 2830).
The latter is a common, undocumented practice.

BTW, the s in ldaps:// does not stand for SSL.  See www.iana.org.