directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1776976 - /directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext
Date Mon, 02 Jan 2017 18:39:28 GMT
Author: elecharny
Date: Mon Jan  2 18:39:28 2017
New Revision: 1776976

URL: http://svn.apache.org/viewvc?rev=1776976&view=rev
Log:
Added some doco about SSL

Modified:
    directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext

Modified: directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext?rev=1776976&r1=1776975&r2=1776976&view=diff
==============================================================================
--- directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext (original)
+++ directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext Mon Jan  2 18:39:28 2017
@@ -3,7 +3,7 @@ NavPrev: 5-ldap-security.html
 NavPrevText: 5 - LDAP Security
 NavUp: 5-ldap-security.html
 NavUpText: 5 - LDAP Security
-NavNext: 5.23-start-tls.html
+NavNext: 5.2-start-tls.html
 NavNextText: 5.2 - StartTLS
 Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
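Review bot: The NavNext correction in this hunk (5.23-start-tls.html to 5.2-start-tls.html) is not mentioned in the log message, which only says "Added some doco about SSL"; add a word about the link fix to the log so the navigation change can be traced later. The new value does agree with the unchanged "NavNextText: 5.2 - StartTLS" line.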
@@ -24,4 +24,25 @@ Notice: Licensed to the Apache Software
 
 # 5.1 - SSL
 
->**Note:** Contents for this page will be added soon...
\ No newline at end of file
+**LDAP** supports **SSL**, it's called **LDAPS**, and it uses a dedicated port. As of today,
and since 2000, **LDAPS** is deprecated and **StartTLS** should be used.
+
+That being said, many servers accept **LDAPS**, and the Apache LDAP API supports it.
+
+## How does it work ?
+
+The **SSL** protocol ensures that data are transmitted encrypted, and guarantees that the
data being received are valid. Nobody can capture those data and read them, assuming the ciphers
being used are strong enough.
+
+With **SSL**, a dialog between the client and the server occurs, and when both part agree
on the cipher to use, then all subsequent data is encrypted. This dialog may include a mutual
validation. 
+
+## Protocols
+
+There are many version that can be used, but the idea is to use tha most recent one, if the
server supports it. In any case, as we depend on **Java**, we are also limited by the supported
version on the client side. Here are all the existing version, and their status :
+
+| SSL | Java 7 | Java 8 |
+| version | Client | Server | Client | Server |
+|---|---|---|---|---|
+| 2.0 | N/A | N/A | N/A | N/A |
+| 3.0 | Disabled | Disabled | N/A | N/A |
+| 3.1 (aka TLSv1) | Enabled | Enabled | Enabled | Enabled |
+| 3.2 (aka TLSv1.1 | Disabled | Enabled | Enabled | Enabled |
+| 3.3 (aka TLSv1.2) | Disabled | Enabled | Enabled | Enabled |
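Review bot: The protocol table at the end of this hunk has two header rows with different cell counts ("| SSL | Java 7 | Java 8 |" has three cells, "| version | Client | Server | Client | Server |" has five) ahead of a five-column separator, so the Java 7 / Java 8 grouping will not line up with the Client/Server columns; fold them into a single five-cell header row, for example "SSL version | Java 7 Client | Java 7 Server | Java 8 Client | Java 8 Server". In the same table, "3.2 (aka TLSv1.1" is missing its closing parenthesis, and the difference between "N/A" and "Disabled" is not explained. In the prose, "Nobody can capture those data and read them" overstates what encryption provides: the traffic can still be captured, it just cannot be read. "guarantees that the data being received are valid" would be more precise if it said what is being guaranteed. Also fix "tha most recent one", "both part agree" and "many version".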


