[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Antw: Re: Upgrading from 2.4.26 to 2.4.41: Stricter checks prevent startup?
>>> Michael Ströder <michael@stroeder.com> schrieb am 25.10.2018 um 16:11 in
Nachricht <5ddb70fe-958b-2913-2426-0a7db4a9ef6d@stroeder.com>:
> On 10/25/18 8:59 AM, Ulrich Windl wrote:
>> As we do not actually use ldaps for replication that second line could be
> dropped easily
>
> As a side note:
>
> You should really use LDAPS or LDAP with StartTLS ext.op. for
> replication. Otherwise a MITM attacker could trick a replica into
> delivering false data to clients.
>
> Are you using StartTLS in syncrepl statement?
>
> Ciao, Michael.
Hi!
Thanks for the "heads up"; fortunately I have "starttls=critical" for each
syncrepl ;-)
Regards,
Ulrich