-----Original Message-----
From: Quanah Gibson-Mount [mailto:[email protected]]
Sent: Monday, May 11, 2015 3:49 PM
To: Albert Braden; [email protected]
Subject: Re: TLS failing?

--On Monday, May 11, 2015 3:32 PM +0000 Albert Braden <[email protected]> wrote:

> I'm setting up new LDAP servers with replication, and I configured TLS,
> but I see this in my log:
>
> May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 op=1 BIND
> dn="cn=manager,dc=about,dc=com" method=128
>
> May 11 14:29:07 nyprldap1 slapd[8867]: conn=2572 op=1 BIND
> dn="cn=manager,dc=about,dc=com" mech=SIMPLE ssf=0
>
> Does this mean that TLS is failing and it is falling back to ssf=0? I
> think my master is configured to not allow unencrypted connections:

You left out the lines before that from the log which clearly show it set TLS ;)

--Quanah

Hi Quanah,

My concern is that it might be successfully negotiating TLS and then falling back to cleartext for some reason. I don't understand the significance of the "ssf=0" line.
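
The reply above points at the log lines that come before the BIND. As an added example (not part of the original thread), the following Python groups slapd log lines by their conn= id and reports, for each BIND, whether a "TLS established" line was logged earlier on the same connection. The sample log, host name and DNs are constructed, and the "TLS established tls_ssf=N ssf=N" line format is assumed to be what the server logs at its configured log level.

```python
import re
from collections import defaultdict

# Constructed sample in slapd syslog format (not taken from the thread).
SAMPLE = """\
May 11 14:29:07 ldaphost slapd[8867]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51000 (IP=0.0.0.0:389)
May 11 14:29:07 ldaphost slapd[8867]: conn=1001 op=0 STARTTLS
May 11 14:29:07 ldaphost slapd[8867]: conn=1001 fd=14 TLS established tls_ssf=256 ssf=256
May 11 14:29:07 ldaphost slapd[8867]: conn=1001 op=1 BIND dn="cn=manager,dc=example,dc=com" method=128
May 11 14:29:07 ldaphost slapd[8867]: conn=1001 op=1 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
May 11 14:29:08 ldaphost slapd[8867]: conn=1002 fd=15 ACCEPT from IP=192.0.2.11:51001 (IP=0.0.0.0:389)
May 11 14:29:08 ldaphost slapd[8867]: conn=1002 op=0 BIND dn="cn=manager,dc=example,dc=com" method=128
May 11 14:29:08 ldaphost slapd[8867]: conn=1002 op=0 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) ")
TLS = re.compile(r"TLS established tls_ssf=(\d+)")
BIND = re.compile(r'BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')

def audit_binds(log_text):
    """Return one record per completed BIND: the connection's TLS strength
    at bind time next to the ssf value printed on the BIND line itself."""
    tls_ssf = defaultdict(int)  # conn id -> tls_ssf seen so far (0 = no TLS)
    results = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        conn = int(m.group(1))
        if "ACCEPT from" in line:
            tls_ssf[conn] = 0  # conn ids restart from 0 when slapd restarts
        t = TLS.search(line)
        if t:
            tls_ssf[conn] = int(t.group(1))
            continue
        b = BIND.search(line)
        if b:
            results.append({"conn": conn, "dn": b.group(1), "mech": b.group(2),
                            "bind_ssf": int(b.group(3)), "tls_ssf": tls_ssf[conn]})
    return results

def cleartext_simple_binds(log_text):
    """Simple binds made on a connection where no TLS layer was logged."""
    return [r for r in audit_binds(log_text)
            if r["mech"] == "SIMPLE" and r["tls_ssf"] == 0]

if __name__ == "__main__":
    for record in audit_binds(SAMPLE):
        print(record)
```
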
