[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls

On Nov 9, 2010, at 16:25 , Aaron Richton wrote:

> On Tue, 9 Nov 2010, Christian Bösch wrote:
>> Can someone tell me if it's possible to require strong encryption like TLS
>> except from one IP address?
> access to <what>
>   by peername.ip= {ssf,transport_ssf,tls_ssf,sasl_ssf}=NNN read
>   by peername.ip= none
>   by [...]
> see slapd.access(5).

maybe you got me wrong. all connections have to be encrypted except one ip. this ip
should be allowed to connect with plain simple_bind.
acls with ssf=NNN do only allow connections with exactly the same level of encryption=NNN
ssf>1 or something like that is not possible?

Attachment: smime.p7s
Description: S/MIME cryptographic signature