
Re: SSL/TLS Question



Do you have the option of configuring the server to allow only
TLS-encrypted traffic? You can do that by adding "security tls=???
ssf=???" in the slapd.conf file, where "???" is replaced by encryption
levels (e.g. 112 and 128). That will force clients (both in and out of
your control) to use TLS/SSL. (Setting security this way will allow both
LDAPS and LDAP w/ Start TLS)

Matt

On Fri, 2003-05-09 at 13:33, Nick Couchman wrote:
> I'm trying to get SSL/TLS working on LDAP.  I want to force the clients 
> to use SSL or TLS to connect.  The admin guide (yes, I have read it) 
> says that TLS hard on the client side is the same as using ldaps:// all 
> the time and is deprecated.  If I take out the TLS hard option and don't 
> specify -ZZ on the command line for something like an ldapsearch, it 
> sends everything in clear text.  How can I force the clients to connect 
> securely without using "TLS hard" or am I misunderstanding this?
> 
> --Nick
-- 
M Butcher <mbutcher@grcomputing.net>
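
Added example (not part of either message, and not OpenLDAP code): a small Python check that a slapd.conf carries the global "security" directive described in the reply, with its tls and ssf factors at or above a chosen minimum. The sample configuration, the function names and the default minimum of 112 are constructed for illustration, and treating the first backend/database line as the end of the global section is an assumption of this sketch.

```python
# Added example: audit the global "security" directive in a slapd.conf.
SAMPLE_CONF = """\
# constructed sample, not taken from the thread
include /etc/openldap/schema/core.schema
security tls=112
    ssf=128
database bdb
suffix "dc=example,dc=com"
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [line for line in lines if not line.startswith("#")]


def global_security(text):
    """Return the factors of "security" lines in the global section."""
    factors = {}
    for line in logical_lines(text):
        words = line.split()
        keyword = words[0].lower()
        if keyword in ("backend", "database"):
            break  # assumption: the global section ends here
        if keyword == "security":
            for word in words[1:]:
                name, _, value = word.partition("=")
                if value.isdigit():
                    factors[name.lower()] = int(value)
    return factors


def audit(text, min_tls=112, min_ssf=112):
    """List the factors that are missing or weaker than the minimum."""
    found = global_security(text)
    findings = []
    for name, minimum in (("tls", min_tls), ("ssf", min_ssf)):
        if found.get(name, 0) < minimum:
            findings.append(f"{name}={found.get(name, 0)} is below {minimum}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "global security directive meets the minimums")
```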