[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slurpd over SSL revisited

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: Slurpd over SSL revisited
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 10 Dec 2003 16:49:46 -0800
Cc: Thomas Cramer <cramert@musc.edu>, openldap-software@OpenLDAP.org
In-reply-to: <14551964.1071072920@cadabra.stanford.edu>
References: <3FD7A80C.3070606@musc.edu> <14551964.1071072920@cadabra.stanford.edu>

At 04:15 PM 12/10/2003, Quanah Gibson-Mount wrote:

>--On Wednesday, December 10, 2003 6:11 PM -0500 Thomas Cramer <cramert@musc.edu> wrote:
>
>
>>In one of the emails from last month on this topic I saw some people
>>adding "tls=on" or "tls=hard" in their replica setting.  When I add that
>>I get the following when I edit and attribute:
>>Initializing session to godel.musc.edu:636
>>ber_get_next failed.
>>Warning: ldap_start_tls failed: Can't contact LDAP server (81)
>>Initializing session to godel.musc.edu:636
>>bind to godel.musc.edu:636 as cn=Manager,o=MUSC,c=US (simple)
>>ber_get_next failed.
>>Error: ldap_simple_bind_s for godel.musc.edu:636 failed: Can't contact
>>LDAP server
>
>TLS != SSL

TLS and SSL refer to the same protocol.  Just that without
qualification, they refer to different versions.

Regardless of whether you start TLS/SSL using ldaps:// or
StartTLS, the (successful) result is the same: a LDAP
session secured by some version of TLS/SSL.   The difference
is not TLS v SSL, but the mechanism used to signal that a
TLS/SSL protocol exchange is to be started.

Kurt

References:
- Slurpd over SSL revisited
  - From: Thomas Cramer <cramert@musc.edu>
- Re: Slurpd over SSL revisited
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: Slurpd over SSL revisited
Next by Date: achieve server redundancy
Index(es):
- Chronological
- Thread