Re: failover config: servers with same DNS address and TLS, subjectAltName extension
--On July 23, 2007 10:09:33 PM +0200 Emmanuel Dreyfus <manu(a)netbsd.org>
wrote:
Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> Just note that using SSL over port 636 is not a defined protocol, and may
> go away in the future. Avoidance of its use when possible recommended.
I have this in /etc/services:
ldaps 636/tcp ldap protocol over TLS/SSL (was sldap)
And checking the authoritative source confirms it's registered.
http://www.iana.org/assignments/port-numbers
So what's wrong with LDAP/SSL over port 636?
It is not defined by any RFC, it is simply a hack that was put in to
address an issue with LDAPv2. LDAPv3 implements the RFC defined STARTTLS
operation (RFC 2830). Just because it is registered with iana doesn't mean
it is something that's been truly defined. As such, it faces the
possibility of disappearing in the future.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration