On Feb 18, 10:16 am, Anton Bobrov <[email protected]> wrote: > On 18/02/2010 16:49, huican wrote: > > > So far, I don't know how to force the mozilla ldap client tool, such > > as ldapsearch, to use the TLSv1 when connection, and not sure whether > > it is server config issue or client side issue. > > we use Mozilla NSS libraries for security services, heres an > overviewhttp://www.mozilla.org/projects/security/pki/nss/overview.html > > from the client side you can try explicitly disabling SSL_ENABLE_SSL2 > and SSL_ENABLE_SSL3 and enabling SSL_ENABLE_TLS only. this can be done > via NSS SSL_OptionSetDefault() > functionhttp://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#... > > by default we enable both SSL_ENABLE_SSL3 and SSL_ENABLE_TLS and have > SSL_ENABLE_SSL2 disabled explicitly. > > as i said i cant help you with your openldap server configuration. i'd > imagine you aint gonna need to reconfigure anything, TLS should be > there for negotiation out of the box. explicitly restricting the server > to TLS only is another story, you should investigate that separately.
Great.. Thank you for the reply. It seems I should not have any reason to doubt the availability of TLSv1. Appreciated your reply a lot. _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
