[Date Prev][Date Next]
LDAPS vs. StartTLS ext. op. (was: Re: failover config: servers with....)
Quanah Gibson-Mount wrote:
> Just note that using SSL over port 636 is not a defined protocol, and
> may go away in the future. Avoidance of its use when possible recommended.
- IMO StartTLS ext. op. is flawed because there's no way to mandate the
use of it before a misbehaving LDAP client has a chance to send
credentials on the wire.
- Also StartTLS ext. op. is rarely supported by LDAP clients.
=> If the OpenLDAP developers were really crazy enough to remove support
for LDAPS from OpenLDAP I'd kick OpenLDAP out of my business