Re: [nssldap] Questions about start_tls
[Date Prev][Date Next] [Thread Prev][Thread Next]Re: [nssldap] Questions about start_tls
- From: maillists0 [at] gmail.com
- To: "Andrew Findlay" <andrew.findlay [at] skills-1st.co.uk>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] Questions about start_tls
- Date: Wed, 10 Dec 2008 15:16:02 -0500
Remember that it is up
to the *client* to request that encryption using TLS. I would suggest
always using encryption for NSS and PAM clients.
I'm confused about this. In /etc/ldap.conf, I have "ssl start_tls". When I set debug to 2, I can see that the output of the server is encrypted and there are a lot of "tls_read: want/got" messages, with no complaints. The only output that isn't encrypted is from the client. I am using a self-signed certificate, so I set tls_checkpeer to "no". Is this to be expected, or is tls on the client-side silently failing?
- Re: [nssldap] Questions about start_tls, (continued)
- Re: [nssldap] Questions about start_tls,
Andrew Findlay
- Re: [nssldap] Questions about start_tls,
maillists0
- RE: [nssldap] Questions about start_tls, Chapman, Kyle
- Message not available
- Re: [nssldap] Questions about start_tls,
Andrew Findlay
- Re: [nssldap] Questions about start_tls, maillists0
- Re: [nssldap] Questions about start_tls, Andrew Findlay
- Re: [nssldap] Questions about start_tls, maillists0
- Re: [nssldap] Questions about start_tls,
Andrew Findlay
- Re: [nssldap] Questions about start_tls,
maillists0
- Re: [nssldap] Questions about start_tls,
Andrew Findlay
- Prev by Date: RE: [nssldap] Questions about start_tls
- Next by Date: Re: [nssldap] Questions about start_tls
- Previous by thread: Re: [nssldap] Questions about start_tls
- Next by thread: Re: [nssldap] Questions about start_tls