On 03/06/2012 10:01 AM, Mark H. Wood wrote:
> On Tue, Mar 06, 2012 at 09:43:44AM -0500, Prentice Bisbal wrote:
>> It sounds like you don't fully understand TLS and the difference between
>> TLS and SSL. I hope this brief explanation can help you out. I hope I'm
>> not making a fool out of myself by telling you something you already know.
>>
>> TLS is similar to SSL, except that it happens on the non-encrypted port
>> address, so for LDAP, that would be on port 389, instead of the LDAP+SSL
>> port of 636. For TLS the client connects to the "standard" unencrypted
>
> Uh, no. TLS (http://tools.ietf.org/html/rfc5246) is SSLv3 with slight
> tweaks. SSL was IIRC a Netscape invention, and when IETF standardized
> it of course they had to change the name and make a few adjustments.
How is "SSLv3 with slight tweaks" different than saying "TLS is similar to
SSL"? I fail to see any difference, especially in the context of the
high-level overview I was intending.

>
> STARTTLS (http://en.wikipedia.org/wiki/STARTTLS) is a mechanism (used
> in a number of protocols, including LDAP and also SMTP) by which two
> hosts can agree to upgrade an unencrypted connection to (TLS or SSL)
> encrypted.
>

Again, what you are saying is no different from what I already said.

--
Prentice
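The two port conventions the thread is arguing about, shown on the wire as an added example that is not part of the original message or of any project mentioned in it. On port 389 the client first sends a cleartext LDAP ExtendedRequest carrying the StartTLS OID (RFC 4511 section 4.14) and only then starts the TLS handshake on the same socket; on port 636 (LDAPS) the TLS handshake is the first thing sent. The code below uses only the Python standard library. The host names passed to the two connect helpers are placeholders and nothing is contacted when the module loads; the two sample responses are constructed by hand from the ExtendedResponse layout rather than captured from a server.

```python
import socket
import ssl

# OID of the StartTLS extended operation (RFC 4511 section 4.14).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_len(n: int) -> bytes:
    """Definite-length BER length octets: short form under 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(content)) + content


def _read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, position after the element) for the element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next N octets hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }.
    The only cleartext LDAP traffic of a StartTLS session (message_id assumed < 128)."""
    ext = _tlv(0x77, _tlv(0x80, STARTTLS_OID))      # 0x60|23 constructed, [0] primitive
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + ext)


def parse_extended_response(data: bytes) -> dict:
    """Decode an ExtendedResponse [APPLICATION 24]: LDAPResult plus optional responseName."""
    tag, msg, _ = _read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = _read_tlv(msg)
    op_tag, op, _ = _read_tlv(msg, pos)
    if op_tag != 0x78:                               # 0x60|24
        raise ValueError("not an ExtendedResponse")
    _, result_code, pos = _read_tlv(op)              # resultCode ENUMERATED
    _, _matched_dn, pos = _read_tlv(op, pos)         # matchedDN OCTET STRING
    _, diagnostic, pos = _read_tlv(op, pos)          # diagnosticMessage OCTET STRING
    response_name = None
    if pos < len(op):                                # optional [10] responseName
        name_tag, name, pos = _read_tlv(op, pos)
        if name_tag == 0x8A:
            response_name = name.decode("ascii")
    return {"message_id": int.from_bytes(msg_id, "big"),
            "result_code": int.from_bytes(result_code, "big"),
            "diagnostic": diagnostic.decode("utf-8", errors="replace"),
            "response_name": response_name}


def classify_first_bytes(first: bytes) -> str:
    """Tell the two conventions apart from the first bytes a client sends: LDAPS opens
    with a TLS handshake record (type 22, version 3.x) carrying ClientHello; StartTLS
    opens with a cleartext BER SEQUENCE (0x30), i.e. an LDAPMessage."""
    if len(first) >= 3 and first[0] == 0x16 and first[1] == 0x03 and first[2] <= 0x04:
        return "tls-handshake"
    if first[:1] == b"\x30":
        return "ldap-ber"
    return "unknown"


# Constructed sample: success ExtendedResponse (messageID 1, resultCode 0,
# empty matchedDN and diagnosticMessage), the reply that permits the TLS upgrade.
SAMPLE_STARTTLS_OK = bytes.fromhex("300c02010178070a010004000400")

# Constructed sample: a refusal (resultCode 53, unwillingToPerform) with a message.
SAMPLE_STARTTLS_REFUSED = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(
    0x78, _tlv(0x0A, b"\x35") + _tlv(0x04, b"") + _tlv(0x04, b"TLS not supported")))


def starttls_connect(host: str, port: int = 389, timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect in the clear, send StartTLS, then upgrade the same socket to TLS.
    Needs a live server (not run here); assumes the short reply arrives in one recv()."""
    sock = socket.create_connection((host, port), timeout=timeout)
    sock.sendall(starttls_request(1))
    reply = parse_extended_response(sock.recv(4096))
    if reply["result_code"] != 0:
        sock.close()
        raise RuntimeError(f"StartTLS refused: {reply}")
    # The default context verifies the certificate chain and the hostname.
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)


def ldaps_connect(host: str, port: int = 636, timeout: float = 5.0) -> ssl.SSLSocket:
    """LDAPS: the TLS handshake comes first; no LDAP bytes are exchanged in the clear."""
    sock = socket.create_connection((host, port), timeout=timeout)
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)
```

One practical consequence of the difference: a capture of port 636 traffic shows a TLS ClientHello as the very first client bytes, while a capture of port 389 shows the 31-byte StartTLS request in the clear, and a server that answers it with a non-zero resultCode leaves the connection in plaintext, which is why the client must check that code before sending anything sensitive.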
