Re: TLS + SSL and openldap

Bruno Steven <aspenbr@gmail.com> writes:

> Hi,
>
> I am trying to configure OpenLDAP to work with TLS, but I have two questions about this. First,
> when I use TLS, OpenLDAP uses port 389 and SSL port 639. Is this correct?
> Second, how can I test that the connection between client and server is encrypted?

There is no SSL port! SSL (Secure Socket Layer) is a proprietary,
licence-based protocol, owned by Netscape? I don't know whether the
IPR of this protocol has been part of the Netscape/AOL deal. OpenLDAP,
and most other network-based applications, have implemented Transport
Layer Security (TLS), RFC 2246. As an LPI certified professional you
should be aware of this.

OpenLDAP uses port 639, which has not been assigned by IANA to the LDAP(S)
protocol, as its TLS-enabled port. Port 389 is still required for the LDAP
extended operation startTLS (RFC 4513).

You may test your TLS session with:

    openssl s_client -connect localhost:639 -CAfile <file>

Unfortunately openssl is not able to initiate an ldap_starttls session on
port 389.

-Dieter
-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E
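One way to run the check Dieter describes and read its result, as an added shell example that is not part of this thread: it parses openssl s_client output for the negotiated protocol, cipher and certificate verification code, and also covers StartTLS on the plain LDAP port via -starttls ldap, which OpenSSL 1.1.1 and later support. Host, port and CA file path are caller-supplied assumptions, and the sample output at the bottom is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Verify an LDAP server's TLS session
# with openssl s_client and check that the server chain validated against
# the given CA file. Assumes openssl is on PATH and the caller supplies
# HOST, PORT and CAFILE.

# Read s_client output on stdin, print protocol/cipher/verify code, and
# succeed only if the chain verified ("Verify return code: 0 (ok)").
tls_check_output() {
    out=$(cat)
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    code=$(printf '%s\n' "$out" \
        | sed -n 's/^ *Verify return code: *\([0-9]*\).*/\1/p' | head -n 1)
    echo "protocol=${proto:-?} cipher=${cipher:-?} verify=${code:-none}"
    [ "$code" = "0" ]
}

# TLS-on-connect check, e.g. tls_check_ldaps ldap.example.com PORT /path/ca.pem
tls_check_ldaps() {
    openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>/dev/null \
        | tls_check_output
}

# StartTLS check on the plain LDAP port (OpenSSL 1.1.1+ for -starttls ldap).
tls_check_starttls() {
    openssl s_client -connect "$1:$2" -starttls ldap -CAfile "$3" \
        </dev/null 2>/dev/null | tls_check_output
}

# Constructed s_client output samples so the parser can be exercised offline.
SAMPLE_OK='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)'
SAMPLE_BAD='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 21 (unable to verify the first certificate)'

# Usage: sh check.sh HOST PORT CAFILE   (add "starttls" as 4th arg for 389)
if [ $# -ge 3 ]; then
    if [ "$4" = "starttls" ]; then tls_check_starttls "$1" "$2" "$3"
    else tls_check_ldaps "$1" "$2" "$3"; fi
fi
```

A verify code other than 0 means the server presented a chain the client could not validate against the CA file, which is exactly the case an LDAP client must reject rather than fall back to cleartext.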