[Date Prev][Date Next]
Re: failover config: servers with same DNS address and TLS, subjectAltName extension
firstname.lastname@example.org (Emmanuel Dreyfus) writes:
> Quanah Gibson-Mount <email@example.com> wrote:
>> Just note that using SSL over port 636 is not a defined protocol, and may
>> go away in the future. Avoidance of its use when possible recommended.
> I have this in /etc/services:
> ldaps 636/tcp ldap protocol over TLS/SSL (was sldap)
> And checking the authoritative source confirms it's registered.
> So what's wrong with LDAP/SSL over port 636?
There is a general trend for all IETF protocols away from using TLS on a
separate port and towards using the standard port and STARTTLS.
Allocating a second port for every major protocol, one with TLS and one
without, was becoming wasteful of additional ports and there's no need for
it given STARTTLS.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>