
Re: tls



On Nov 9, 2010, at 16:25 , Aaron Richton wrote:

> On Tue, 9 Nov 2010, Christian Bösch wrote:
> 
>> Can someone tell me if it's possible to require strong encryption like TLS
>> except from one IP address?
> 
> access to <what>
>   by peername.ip=1.2.3.4%255.255.255.255 {ssf,transport_ssf,tls_ssf,sasl_ssf}=NNN read
>   by peername.ip=1.2.3.4%255.255.255.255 none
>   by [...]
> 
> see slapd.access(5).

Maybe you got me wrong. All connections have to be encrypted except one IP. This IP
should be allowed to connect with plain simple_bind.
ACLs with ssf=NNN only allow connections with exactly the same level of encryption=NNN.
ssf>1 or something like that is not possible?


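As an added example (not written by either poster in this thread), one way to express the policy asked about above as slapd.conf ACLs. The address 1.2.3.4 is the thread's placeholder and the threshold 128 is an assumed value; per slapd.access(5), ssf=<n> sets the minimum Security Strength Factor required for the clause to match.

```conf
# Added example, not from the thread. 1.2.3.4 is the thread's placeholder
# address; 128 is an assumed minimum SSF.
#
# Clauses are evaluated top to bottom and the first matching <who> wins,
# so the exempt host is listed before the SSF-gated clause.
#
# Bind step: a simple bind needs "auth" access to userPassword.
#   clause 1: the exempt host may bind without encryption
#   clause 2: every other client may bind only at SSF 128 or higher
#   clause 3: nobody else can use or read the attribute
access to attrs=userPassword
    by anonymous peername.ip=1.2.3.4%255.255.255.255 auth
    by anonymous ssf=128 auth
    by * none

# Data access after a successful bind, gated the same way.
#   clause 1: authenticated users on the exempt host, any SSF
#   clause 2: authenticated users elsewhere, SSF 128 or higher
#   clause 3: everything else is refused
access to *
    by users peername.ip=1.2.3.4%255.255.255.255 read
    by users ssf=128 read
    by * none
```

These ACLs only decide what slapd grants once a request has arrived. A client outside the exempt address that attempts a simple bind over an unencrypted connection has already sent its password in clear text before the server refuses it.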