[CentOS] LDAP encryption, not sure.

Jay Leafey jay.leafey at mindless.com
Thu Feb 16 04:58:42 UTC 2012


On 02/15/2012 08:20 PM, Fajar Priyanto wrote:
>
> Basic question...
> What's the different between TLS and SSL in LDAP? I googled no clue yet.
>

A plain-old LDAPS (LDAP over SSL) connection starts off from the very 
beginning as an SSL connection on port 636.  When using LDAP and TLS, 
the initial (unencrypted) connection is made to port 389 and the SSL 
connection is negotiated on-the-fly.  Logically, the unencrypted 
connection is made initially, then the client and server start up an SSL 
handshake if both ends support it.

The LDAP-over-SSL (LDAPS) method has been deprecated and the preferred 
method is LDAP and TLS.  The TLS method is no less secure as the only 
thing that goes over the wire unencrypted is the SSL handshake.

Just my $.02
-- 
Jay Leafey - jay.leafey at mindless.com
Memphis, TN
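The exchange described above, as an added example that is not part of the original post or of any CentOS package: the client sends the StartTLS ExtendedRequest on port 389 in cleartext, the server answers with an ExtendedResponse, and only on a success result does the client begin the TLS handshake on the same socket. The BER encodings and the StartTLS OID 1.3.6.1.4.1.1466.20037 come from RFC 4511; the sample response bytes and the TLS record prefix are constructed here and nothing is sent to a real server.

```python
"""Added example (not from the original post): the LDAP StartTLS exchange.

Builds the client's StartTLS ExtendedRequest, parses the server's
ExtendedResponse, and decides whether the client may start the TLS
handshake. Encodings follow RFC 4511 (LDAPMessage is BER); all sample
bytes are constructed here and nothing is sent to a real server.
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # RFC 4511 section 4.14

# LDAP result codes relevant to StartTLS (RFC 4511 appendix A)
SUCCESS, OPERATIONS_ERROR, PROTOCOL_ERROR, UNAVAILABLE = 0, 1, 2, 52


def ber_len(n):
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(tag, n):
    """Minimal encoding for a non-negative INTEGER/ENUMERATED (leading bit kept 0)."""
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return tlv(tag, body)


def parse_tlv(buf, pos):
    """Return (tag, value, position just after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def build_starttls_request(message_id):
    """Client -> server on port 389, in cleartext: ExtendedRequest [APPLICATION 23]."""
    request_name = tlv(0x80, STARTTLS_OID.encode("ascii"))      # requestName [0]
    return tlv(0x30, ber_int(0x02, message_id) + tlv(0x77, request_name))


def build_starttls_response(message_id, result_code, diagnostic=""):
    """Server -> client, still cleartext: ExtendedResponse [APPLICATION 24]."""
    ldap_result = (ber_int(0x0A, result_code)          # resultCode ENUMERATED
                   + tlv(0x04, b"")                   # matchedDN (empty)
                   + tlv(0x04, diagnostic.encode()))  # diagnosticMessage
    response_name = tlv(0x8A, STARTTLS_OID.encode("ascii"))   # responseName [10]
    return tlv(0x30, ber_int(0x02, message_id) + tlv(0x78, ldap_result + response_name))


def parse_starttls_response(buf):
    """Decode an LDAPMessage carrying an ExtendedResponse into a dict."""
    tag, msg, _ = parse_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = parse_tlv(msg, 0)
    tag, op, _ = parse_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, rc, pos = parse_tlv(op, 0)
    _, _matched_dn, pos = parse_tlv(op, pos)
    _, diag, pos = parse_tlv(op, pos)
    name = None
    while pos < len(op):                       # optional responseName / responseValue
        tag, val, pos = parse_tlv(op, pos)
        if tag == 0x8A:
            name = val.decode("ascii")
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(rc, "big"),
            "diagnostic": diag.decode(),
            "response_name": name}


def client_may_start_tls(response, expected_id):
    """The check a client must make before wrapping the port-389 socket in TLS.
    Anything but success means: do NOT fall back to binding in cleartext."""
    r = parse_starttls_response(response)
    return (r["message_id"] == expected_id
            and r["result_code"] == SUCCESS
            and r["response_name"] in (None, STARTTLS_OID))


def classify_first_bytes(data):
    """What the first bytes of a connection look like to anyone on the path."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"          # LDAPS (636): TLS ClientHello from byte one
    if data and data[0] == 0x30:
        return "ldap-cleartext"         # LDAP (389): BER SEQUENCE, readable on the wire
    return "unknown"


if __name__ == "__main__":
    req = build_starttls_request(1)
    print("client ->", req.hex())
    ok = build_starttls_response(1, SUCCESS)
    print("server ->", ok.hex(), "start TLS:", client_may_start_tls(ok, 1))
    busy = build_starttls_response(1, UNAVAILABLE, "TLS not available")
    print("server ->", busy.hex(), "start TLS:", client_may_start_tls(busy, 1))
    # Constructed TLS record header, as seen at the start of a port-636 connection.
    print(classify_first_bytes(bytes.fromhex("160301")), classify_first_bytes(req))
```

The practical caveat this makes visible: on 389 the StartTLS request and response themselves cross the wire in the clear, so a client that treats a non-success response as "fine, continue without TLS" can be downgraded by anyone able to tamper with the connection. Clients should refuse to proceed unless the result code is success, which is what OpenLDAP's `ldapsearch -ZZ` does, as opposed to `-Z`, which only tries.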


