From:   "Salz, Rich" <rs...@akamai.com>
To:     "openssl-users@openssl.org" <openssl-users@openssl.org>
Date:   09/23/2013 10:29 AM
Subject:        RE: TLS authentication for ldap
Sent by:        owner-openssl-us...@openssl.org



> Note, the above is for enforcing STARTTLS on the server.  If the
> decision is left to the client, the configuration is less opaque.

And less secure.  :)

If policy is to use SSL/TLS, then the server must enforce it; trusting the
clients to do the right thing is bad.

                 /r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


Rich,

In my wire capture with the LDAP server that is working, all application
data is being transported via TLSv1 on port 389.  But it was my
understanding that SSLv3 was going to be the last since TLS is more secure.
