[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

--On July 23, 2007 10:09:33 PM +0200 Emmanuel Dreyfus <manu@netbsd.org> wrote:

Quanah Gibson-Mount <quanah@zimbra.com> wrote:

Just note that using SSL over port 636 is not a defined protocol, and may
go away in the future.  Avoidance of its use when possible recommended.

I have this in /etc/services: ldaps 636/tcp ldap protocol over TLS/SSL (was sldap)

And checking the authoritative source confirms it's registered.

So what's wrong with LDAP/SSL over port 636?

It is not defined by any RFC, it is simply a hack that was put in to address an issue with LDAPv2. LDAPv3 implements the RFC defined STARTTLS operation (RFC 2830). Just because it is registered with iana doesn't mean it is something that's been truly defined. As such, it faces the possibility of disappearing in the future.


-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration