Subject: LDAPS vs. StartTLS ext. op. (was: Re: failover config: servers with....)
From: Michael Ströder (mich@stroeder.com)
Date: Jul 25, 2007 9:53:23 am
List: org.openldap.openldap-software

Quanah,

Quanah Gibson-Mount wrote:

> Just note that using SSL over port 636 is not a defined protocol, and may go away in the future. Avoidance of its use when possible recommended.

- IMO StartTLS ext. op. is flawed because there's no way to mandate the use of it before a misbehaving LDAP client has a chance to send credentials on the wire.
- Also StartTLS ext. op. is rarely supported by LDAP clients.

=> If the OpenLDAP developers were really crazy enough to remove support for LDAPS from OpenLDAP I'd kick OpenLDAP out of my business immediately. Period.

Ciao, Michael.
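
The ordering problem raised in the message above can be checked on a plaintext port-389 stream by decoding the client's LDAP PDUs and seeing whether a simple bind carrying a password arrives before the StartTLS extended request. The following is an added example, not part of the original post or of OpenLDAP; the function names, the bind DN and the password are constructed for illustration, and the tag values and OID are those defined in RFC 4511.

```python
# Added example, not from the thread. Sample PDUs below are constructed.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify(pdu):
    """Name the operation carried by one client-to-server LDAPMessage."""
    _, msg, _ = read_tlv(pdu, 0)          # LDAPMessage SEQUENCE
    _, _, p = read_tlv(msg, 0)            # messageID
    op_tag, op, _ = read_tlv(msg, p)      # protocolOp
    if op_tag == 0x77:                    # ExtendedRequest [APPLICATION 23]
        tag, oid, _ = read_tlv(op, 0)     # requestName [0]
        return "starttls" if (tag, oid) == (0x80, STARTTLS_OID) else "other"
    if op_tag == 0x60:                    # BindRequest [APPLICATION 0]
        _, _, p = read_tlv(op, 0)         # version
        _, _, p = read_tlv(op, p)         # name (bind DN)
        auth_tag, cred, _ = read_tlv(op, p)
        if auth_tag != 0x80:              # anything but simple [0], e.g. sasl [3]
            return "sasl-bind"
        return "simple-bind" if cred else "anonymous-bind"
    return "other"

def cleartext_bind_exposed(pdus):
    """True if a password-bearing simple bind precedes StartTLS on a port-389 stream."""
    for pdu in pdus:
        kind = classify(pdu)
        if kind == "starttls":
            return False                  # if accepted, what follows is inside TLS
        if kind == "simple-bind":
            return True                   # the password has already crossed the wire
    return False

def tlv(tag, value):
    """Encode a short-form BER element (value under 128 bytes)."""
    return bytes([tag, len(value)]) + value

def ldap_msg(msg_id, op):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

# Constructed samples: a simple bind with a password, and a StartTLS request.
BIND = ldap_msg(1, tlv(0x60, tlv(0x02, b"\x03")
                + tlv(0x04, b"cn=app,dc=example,dc=com") + tlv(0x80, b"constructed-pw")))
STARTTLS = ldap_msg(1, tlv(0x77, tlv(0x80, STARTTLS_OID)))
```

A server that rejects the bind still cannot undo the exposure, because `cleartext_bind_exposed([BIND, STARTTLS])` is decided by what the client sent first.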