Rich Megginson wrote:
> Nelson B wrote:
>> Rich Megginson wrote:
>>> Nelson B wrote:
>>>> Does LDAP have a "StartTLS" feature (à la IMAP, SMTP) that allows the
>>>> connection to start without TLS, then negotiate TLS and switch to it?
>>>> Where can I find out more about it, if so?
>>> This is RFC 4513 - http://www.isi.edu/in-notes/rfc4513.txt
>>
>> Thanks.  That RFC is hot off the press, I see.
>> Am I right in imagining that it's not widely implemented yet?
>>
> That RFC is the replacement for the earlier startTLS RFCs which are
> referenced in that document and have been implemented for several years
> now.  I haven't read the new RFC yet but I'm assuming it hasn't changed
> the startTLS spec, just cleaned it up and unified the various strands of
> other RFCs.
> 
> So, yes, it is widely implemented.  Netscape/Sun/iPlanet/Red Hat/Fedora
> Directory Server has supported it since 2001, and likely OpenLDAP and
> others have supported it since around that time.

The LDAP SDK documentation on www.mozilla.org
<http://www.mozilla.org/directory/csdk-docs/ssl.htm#how_ssl_works_with_ldap>
says "The Mozilla LDAP C SDK only supports SSL 3.0 and does not support the
Start Transport Layer Security (TLS) Operation."

There are (at least) two possible interpretations of that:
a) The Mozilla LDAP C SDK ... does not support ... TLS
b) The Mozilla LDAP C SDK ... does not support ... StartTLS.

Which of those interpretations is correct?
Or, if neither, what is the correct interpretation?
Or is that document just wrong and needs to be fixed?

_______________________________________________
dev-tech-ldap mailing list
https://lists.mozilla.org/listinfo/dev-tech-ldap
