Our customer is requiring us to use openssl 0.9.8l They have determined that there is a problem with datagram based TLS; as long as we're not using datagram-based TLS for communication to slapd, we can go ahead and approve this.
How do I find out if I'm using datagram-based TLS? Is it something in the slapd.conf file or is it something in the build of openldap? Or is it just not an issue?
Robert Hanson wrote:
Our customer is requiring us to use openssl 0.9.8l They have determined that there is a problem with datagram based TLS; as long as we’re not using datagram-based TLS for communication to slapd, we can go ahead and approve this.
Please read this post
http://www.openldap.org/lists/openldap-software/200911/msg00102.html
and explain to your customer that OpenSSL 0.9.8l is broken and using it will result in hung connections. Nobody should be using it. 0.9.8m will probably be released soon due to the issues in 0.9.8l.
How do I find out if I’m using datagram-based TLS? Is it something in the slapd.conf file or is it something in the build of openldap? Or is it just not an issue?
It is not an issue. LDAP is a connection-oriented protocol, not datagram-based.
openldap-technical@openldap.org