directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Trustin Lee <>
Subject Re: TLS + SASL external and ACLs.
Date Sat, 07 May 2005 13:43:59 GMT

2005/5/7, David Boreham <>:
> >>Trustin, wouldnt StartTLS be a part of the LDAP protocol impl rather
> >>than a MINA filter?  I'm talking abt the command impl, not the actual
> >>TLS handshake/encryption/decryption.  For this we already have the
> >>SSLFilter.
> To implement StartTLS you need to do two things:
> 1. Decode the LDAP extended operation.
> 2. Tell the network I/O layer to install SSL/TLS on the connection
> and initiate its handshake.
> The existing filter should be fine, as long as the code that
> sees the extended operation has the ability to install the filter
> (and as long as filters can be installed on-the-fly on a
> connection that is already open).

I agree.  Adding SSLFilter globally won't work in case we implement StartTLS.

BTW Can I get some pointers to StartTLS and SASL?  I don't know much about them.

what we call human nature is actually human habit

View raw message