[Date Prev][Date Next]
Re: how to ssl only, not tls?
Well, as TLS and SSL refer to the same data security
technology, your question seems a bit confused. If
you mean TLSv1 vs, say, SSLv2 (or some other pair of
TLS/SSL versions), you can enable/disable versions of
TLS/SSL via TLS cipher suite options. See OpenSSL
documentation for cipher suite options.
If, however, what you mean is to only allow initiate use
of TLS via use of a separate port, e.g., ldaps://, instead
of by the LDAP Start TLS operation, I don't recall
an option to disable Start TLS operation while allowing
use of ldaps://. Generally, it is best to provide the
standard track mechanism for initiating TLS/SSL (if one is
going to allow TLS/SSL to be initiated).
The error message below happens regardless of which
mechanism is used to initiate TLS/SSL. Have you gotten
OpenSSL's sample client/server programs working with your
certificates? If not, you should start there.
At 09:36 AM 5/31/2005, kk_q wrote:
>some ldap clients are not support tls,and support ssl.
>then I edit slapd.conf,change all "TLS" lines to #TLS,like:
>and run slapd -d 256 -h "ldaps://0.0.0.0/" -f /path/to/slapd.conf.
>run the dis-tls client.
>slapd reports error:
>conn=11 fd=10 accept from ip=127.0.0.1:57203(ip=0.0.0.0:636)
>TLS:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1052
>conn=11 fd=10 closed
>the client can't connect to ldap server.
>now,I want to know how to server side ssl only, not tls?