On 18/02/2010 16:49, huican wrote:
> So far, I don't know how to force the Mozilla LDAP client tools, such as ldapsearch, to use TLSv1 when connecting, and I am not sure whether it is a server config issue or a client-side issue.

We use the Mozilla NSS libraries for security services; here's an overview: http://www.mozilla.org/projects/security/pki/nss/overview.html

From the client side you can try explicitly disabling SSL_ENABLE_SSL2 and SSL_ENABLE_SSL3 and enabling SSL_ENABLE_TLS only. This can be done via the NSS SSL_OptionSetDefault() function: http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1068466

By default we enable both SSL_ENABLE_SSL3 and SSL_ENABLE_TLS and have SSL_ENABLE_SSL2 disabled explicitly.

As I said, I can't help you with your OpenLDAP server configuration. I'd imagine you ain't gonna need to reconfigure anything; TLS should be there for negotiation out of the box. Explicitly restricting the server to TLS only is another story; you should investigate that separately.
