[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS fails to bind (Please help)

To: Michael Ströder <michael@stroeder.com>
Subject: Re: TLS fails to bind (Please help)
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Mon, 8 Nov 2004 14:34:56 +0100 (CET)
Cc: "Lorenzo Thurman" <lorenzo@thethurmans.com>, openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <418F288C.6080602@stroeder.com>
References: <1B9B15BA-3048-11D9-9768-000D93C7CA04@thethurmans.com> <59530.131.175.154.56.1099897647.squirrel@131.175.154.56> <418F288C.6080602@stroeder.com>
User-agent: SquirrelMail/1.4.3a-1

I apologize for erroneously using "TLS" in lieu of "StartTLS".  However,
I'm convinced that my interpretation of the problem is correct: I
understand he's expecting StartTLS (e.g. option -Z in client tools) to use
port 636.

p.

> Pierangelo Masarati wrote:
>>
>> TLS has nothing to do with port 636.
>
> Please let us stay precise here and don't use "TLS" as an acronym for
> "StartTLS extended operation".
>
> Off course TLS could be used on port 636 which is the default port for
> URI scheme LDAPS:// since TLSv1 is the IETF successor of SSLv3. Whether
> SSLv3 or TLSv1 is used is negotiated between client and server.
>
> And off course StartTLS extended operation starts an encrypted tunnel
> in-band an existing LDAP connection (URI scheme LDAP://, default port
> 389).
>
> Ciao, Michael.
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- TLS fails to bind (Please help)
  - From: Lorenzo Thurman <lorenzo@thethurmans.com>
- Re: TLS fails to bind (Please help)
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: TLS fails to bind (Please help)
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: TLS fails to bind (Please help)
Next by Date: stumped
Index(es):
- Chronological
- Thread