Ahh.. Thanks for the explanations.|
To: firstname.lastname@example.org; email@example.com; firstname.lastname@example.org
Date: Fri, 7 Jan 2011 12:55:57 -0700
Subject: RE: Strange behavior with TLS with self-signed certs
Equipment limitation: Our old load balancers could load balance StartTLS, not SSL. Our new ones can load balance SSL, not StartTLS.
Paranoia: If you wish to encrypt the entire session, from the very beginning, use SSL.
Firewall limits you to port 389 (corp policy, difficult network/firewall team, etc): … and want encryption, then use StartTLS.
Ok..I implemented what you explained for testing purposes and found the following to be true:
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.