Re: TLS or plain?
Stephen Frost wrote:
> * Bennett, Tony - CNF (Bennett.Tony@cnf.com) wrote:
>> It is my understanding that when a client connects
>> to a server using ldaps://.... instead of ldap://...
>> then a TLS session is first negotiated with the server,
>> then the client uses whatever "method" is specified...
>
> This isn't really accurate. ldaps is for SSL sessions. TLS is used on
> the regular ldap:// port and is a way to 'upgrade' a connection to

*Your* explanation isn't really accurate.
You probably are talking about LDAP on top of SSL/TLS layer (out-of-band
encryption tunnel usually on separate port) vs. using StartTLS extended
operation in an existing LDAPv3 connection (negotiating encryption tunnel
TLSv1 is the successor of SSLv3 standardized by the IETF (SSL was a
proprietary protocol developed by Netscape) and it has nothing to do with
LDAP in the first place. If you use ldaps:// depending on the client and
server configuration you can either use SSL or TLS.
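
The distinction drawn in this thread, seen on the wire, as an added example that is not part of the original message: with ldaps:// the client's first bytes are a TLS handshake record, while with StartTLS they are an LDAPv3 ExtendedRequest carrying the StartTLS OID 1.3.6.1.4.1.1466.20037. The function names and sample bytes are constructed for illustration.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID

def tlv(tag, value):
    """BER tag-length-value; short-form length is enough for these messages."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def starttls_request(message_id=1):
    """LDAPMessage { messageID (1..127), ExtendedRequest [APPLICATION 23] { [0] OID } }."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext_req)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV at pos; long lengths handled."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        first = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + first], pos + first

def classify_first_bytes(data):
    """Classify the first bytes a client sends on a new connection."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"        # ldaps:// style: TLS record before any LDAP
    if not data or data[0] != 0x30:   # LDAPMessage is a BER SEQUENCE
        return "unknown"
    try:
        _, msg, _ = read_tlv(data)
        _, _, pos = read_tlv(msg)     # skip messageID
        op_tag, op, _ = read_tlv(msg, pos)
        if op_tag == 0x77:            # ExtendedRequest
            name_tag, name, _ = read_tlv(op)
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "ldap-starttls"
    except IndexError:                # truncated input
        return "unknown"
    return "ldap-bind-cleartext" if op_tag == 0x60 else "ldap-other"

# Constructed sample inputs (not captured traffic).
SAMPLE_TLS = bytes.fromhex("160301002a")  # start of a TLS handshake record
SAMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, b"cn=test,dc=example,dc=com") + tlv(0x80, b"x")))

if __name__ == "__main__":
    for label, data in [("ldaps", SAMPLE_TLS), ("starttls", starttls_request()),
                        ("plain bind", SAMPLE_BIND)]:
        print(label, "->", classify_first_bytes(data))
```

A BindRequest classified as `ldap-bind-cleartext` means the client sent credentials on ldap:// without first issuing StartTLS, which is the case a server-side policy or network monitor would want to flag.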