Re: failover config: servers with same DNS address and TLS, subjectAltName extension - Quanah Gibson-Mount - org.openldap.openldap-software

30 messages in org.openldap.openldap-softwareRe: failover config: servers with sam...

From	Sent On	Attachments
Emmanuel Dreyfus	Jul 23, 2007 6:50 am
Quanah Gibson-Mount	Jul 23, 2007 11:01 am
Emmanuel Dreyfus	Jul 23, 2007 1:09 pm
Quanah Gibson-Mount	Jul 23, 2007 1:18 pm
Russ Allbery	Jul 23, 2007 4:35 pm
Christopher Cowart	Jul 23, 2007 7:40 pm
Howard Chu	Jul 23, 2007 9:58 pm
Emmanuel Dreyfus	Jul 24, 2007 1:02 am
Howard Chu	Jul 24, 2007 1:54 am
Emmanuel Dreyfus	Jul 24, 2007 12:18 pm
Quanah Gibson-Mount	Jul 25, 2007 8:52 am
Emmanuel Dreyfus	Jul 25, 2007 9:06 am
Quanah Gibson-Mount	Jul 25, 2007 9:47 am
Michael Ströder	Jul 25, 2007 9:53 am
Emmanuel Dreyfus	Jul 25, 2007 10:36 am
Quanah Gibson-Mount	Jul 25, 2007 10:46 am
Howard Chu	Jul 25, 2007 2:31 pm
Michael Ströder	Jul 25, 2007 2:38 pm
Howard Chu	Jul 25, 2007 2:44 pm
Russ Allbery	Jul 25, 2007 2:45 pm
Norman Gaywood	Jul 25, 2007 3:04 pm
Emmanuel Dreyfus	Jul 25, 2007 8:30 pm
Emmanuel Dreyfus	Jul 25, 2007 8:31 pm
Howard Chu	Jul 25, 2007 11:17 pm
Ralf Haferkamp	Jul 26, 2007 1:27 am
Emmanuel Dreyfus	Jul 26, 2007 4:04 am
Emmanuel Dreyfus	Jul 26, 2007 4:04 am
Donn Cave	Jul 26, 2007 9:38 am
Ralf Haferkamp	Jul 26, 2007 11:46 am
Howard Chu	Jul 27, 2007 2:13 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: failover config: servers with same DNS address and TLS, subjectAltName extension	Actions...
From:	Quanah Gibson-Mount (qua...@zimbra.com)
Date:	Jul 23, 2007 1:18:20 pm
List:	org.openldap.openldap-software

--On July 23, 2007 10:09:33 PM +0200 Emmanuel Dreyfus <ma...@netbsd.org> wrote:

Quanah Gibson-Mount <qua...@zimbra.com> wrote:

Just note that using SSL over port 636 is not a defined protocol, and may go away in the future. Avoidance of its use when possible recommended.

I have this in /etc/services: ldaps 636/tcp ldap protocol over TLS/SSL (was sldap)

And checking the authoritative source confirms it's registered. http://www.iana.org/assignments/port-numbers

So what's wrong with LDAP/SSL over port 636?

It is not defined by any RFC, it is simply a hack that was put in to address an issue with LDAPv2. LDAPv3 implements the RFC defined STARTTLS operation (RFC 2830). Just because it is registered with iana doesn't mean it is something that's been truly defined. As such, it faces the possibility of disappearing in the future.

--Quanah

-------------------- Zimbra :: the leader in open source messaging and collaboration

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: