[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replica and ssl

Quanah Gibson-Mount wrote:
> You could leave it on port 389, use TLS, and be just as secure.

Quanah please be precise here: You are probably referring to StartTLS extended operation sent over an existing LDAP connection. SSLv3 or TLSv1 is an encryption protocol above the transport layer encryption.

BTW: I see some security benefits when using LDAPS URIs over StartTLS ext. op. You don't have to set another config parameter to make use of SSL or TLS mandantory. But your mileage may vary.

Ciao, Michael.