| Subject: | Re: failover config: servers with same DNS address and TLS, subjectAltName extension | |
|---|---|---|
| From: | Russ Allbery (rr...@stanford.edu) | |
| Date: | Jul 23, 2007 4:35:32 pm | |
| List: | org.openldap.openldap-software | |
ma...@netbsd.org (Emmanuel Dreyfus) writes:

> Quanah Gibson-Mount <qua...@zimbra.com> wrote:

>> Just note that using SSL over port 636 is not a defined protocol, and may go away in the future. Avoidance of its use when possible recommended.

> I have this in /etc/services:
> ldaps 636/tcp ldap protocol over TLS/SSL (was sldap)

> And checking the authoritative source confirms it's registered. http://www.iana.org/assignments/port-numbers

> So what's wrong with LDAP/SSL over port 636?

There is a general trend for all IETF protocols away from using TLS on a separate port and towards using the standard port and STARTTLS. Allocating a second port for every major protocol, one with TLS and one without, was becoming wasteful of additional ports and there's no need for it given STARTTLS.
-- Russ Allbery (rr...@stanford.edu) <http://www.eyrie.org/~eagle/>
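
The STARTTLS approach on the standard LDAP port that the message above refers to, as an added example that is not part of the original thread: a client sends the StartTLS extended request in cleartext on port 389, checks the result code, and only then wraps the socket in TLS. The function names, the sample replies and the refusal handling are assumptions made for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def _tlv(tag: int, value: bytes) -> bytes:
    if len(value) > 127:  # short-form BER length is enough for these messages
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] requestName } }"""
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x77, _tlv(0x80, STARTTLS_OID)))

def _read_tlv(buf: bytes, pos: int):
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated TLV")
    return buf[pos], buf[pos + 2:end], end

def starttls_result(reply: bytes) -> int:
    """Return the resultCode from an ExtendedResponse [APPLICATION 24]."""
    tag, body, _ = _read_tlv(reply, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(body, 0)            # skip messageID
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = _read_tlv(op, 0)           # resultCode ENUMERATED
    if tag != 0x0A or len(code) != 1:
        raise ValueError("bad resultCode")
    return code[0]

def upgrade(host: str, port: int = 389) -> ssl.SSLSocket:
    """Connect in cleartext, request StartTLS, and refuse to go on without it."""
    sock = socket.create_connection((host, port), timeout=10)
    sock.sendall(starttls_request())
    reply = sock.recv(4096)  # assumes the short reply arrives in one read
    if starttls_result(reply) != 0:
        sock.close()
        raise ConnectionError("StartTLS refused; not continuing in cleartext")
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)

# Constructed sample replies (not captured traffic): success, then protocolError (2).
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")
```

Unlike a connection to port 636, the upgrade happens inside the LDAP session, so a client that silently continues after a failed or missing StartTLS response ends up sending binds in cleartext; `upgrade` closes the socket instead.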





