
RE: TLS failing?



-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] 
Sent: Monday, May 11, 2015 3:49 PM
To: Albert Braden; openldap-technical@openldap.org
Subject: Re: TLS failing?

--On Monday, May 11, 2015 3:32 PM +0000 Albert Braden <abraden@about.com> 
wrote:

>
>
> I'm setting up new LDAP servers with replication, and I configured TLS,
> but I see this in my log:
>
>
>
> May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 op=1 BIND
> dn="cn=manager,dc=about,dc=com" method=128
>
> May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 op=1 BIND
> dn="cn=manager,dc=about,dc=com" mech=SIMPLE ssf=0
>
>
>
> Does this mean that TLS is failing and it is falling back to ssf=0? I
> think my master is configured to not allow unencrypted connections:

You left out the lines before that from the log which clearly show it set 
TLS ;)

--Quanah


Hi Quanah,

My concern is that it might be successfully negotiating TLS and then falling back to cleartext for some reason. I don't understand the significance of the "ssf=0" line.
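
Added example, not part of the thread or written by either poster: a small Python script that looks at the log lines preceding each BIND on the same conn= id and reports whether slapd logged a TLS layer for that connection, instead of relying on the ssf= field of the BIND line. Assumptions: slapd's stats-level line formats for ACCEPT, "TLS established tls_ssf=N" and "closed"; every sample line is constructed except the two conn=2572 BIND lines quoted above, and conn=2573, the IP addresses and tls_ssf=256 are made-up values.

```python
import re

# Constructed sample: the conn=2572 BIND lines are the ones quoted in the thread;
# everything else (preceding lines, conn=2573, IPs, tls_ssf value) is made up.
SAMPLE_LOG = """\
May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 fd=14 ACCEPT from IP=192.0.2.10:41234 (IP=0.0.0.0:389)
May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 op=0 STARTTLS
May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 fd=14 TLS established tls_ssf=256 ssf=256
May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 op=1 BIND dn="cn=manager,dc=about,dc=com" method=128
May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 op=1 BIND dn="cn=manager,dc=about,dc=com" mech=SIMPLE ssf=0
May 11 14:29:08 nyprldap1 slapd[8867]: conn=2573 fd=15 ACCEPT from IP=192.0.2.11:41240 (IP=0.0.0.0:389)
May 11 14:29:08 nyprldap1 slapd[8867]: conn=2573 op=0 BIND dn="cn=manager,dc=about,dc=com" method=128
May 11 14:29:08 nyprldap1 slapd[8867]: conn=2573 op=0 BIND dn="cn=manager,dc=about,dc=com" mech=SIMPLE ssf=0
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) ")
TLS_UP = re.compile(r"TLS established tls_ssf=(\d+)")
BIND = re.compile(r'op=\d+ BIND dn="([^"]*)" mech=(\S+)')  # skips the "method=" line
CLOSED = re.compile(r"fd=\d+ closed")


def audit_binds(log_text):
    """Return (conn, dn, mech, tls_ssf) per BIND; tls_ssf is 0 if no TLS line preceded it."""
    tls_ssf = {}   # conn id -> tls_ssf from that connection's "TLS established" line
    findings = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        conn = int(m.group(1))
        if "ACCEPT from" in line or CLOSED.search(line):
            tls_ssf.pop(conn, None)      # conn ids restart with slapd; drop stale state
        elif (t := TLS_UP.search(line)):
            tls_ssf[conn] = int(t.group(1))
        elif (b := BIND.search(line)):
            findings.append((conn, b.group(1), b.group(2), tls_ssf.get(conn, 0)))
    return findings


def cleartext_simple_binds(log_text):
    """Simple binds that arrived on a connection with no TLS layer logged."""
    return [f for f in audit_binds(log_text) if f[2] == "SIMPLE" and f[3] == 0]


if __name__ == "__main__":
    for conn, dn, mech, ssf in audit_binds(SAMPLE_LOG):
        print(f"conn={conn} mech={mech} tls_ssf={ssf} dn={dn}")
```

To audit a real server, pass the contents of the slapd syslog file to `cleartext_simple_binds()`; each returned tuple is a simple bind whose password crossed a connection with no TLS line in the log.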