> -----Original Message----- > From: Philip Guenther <[email protected]> > Sent: Thursday, May 11, 2023 2:06 PM > To: Christopher Paul <[email protected]> > Cc: [email protected]; [email protected] > Subject: RE: Debugging TLS negotiation failure > > > > Not sure if that is causing the problem? > > > > Try prepending to your ldapsearch: > > > > "LDAPTLS_REQCERT=allow ldapsearch ..." > > To be clear, that setting disables the client's authentication of the > server: no protection from active attacks, back to "trust the network > layer". This is only useful for confirming that everything _except_ the > CA/cert setup are fine. Yes 100% agree. TLS in production should be used for encryption AND verification and so in production should use a signed cert and LDAPTLS_REQCERT=demand.
- Debugging TLS negotiation failure terry . lemons
- Re: Debugging TLS negotiation failure Howard Chu
- Re: Debugging TLS negotiation failure terry . lemons
- RE: Debugging TLS negotiation failure Christopher Paul
- RE: Debugging TLS negotiation failure Philip Guenther
- RE: Debugging TLS negotiation failu... Christopher Paul
- Re: Debugging TLS negotiation failure Howard Chu
- RE: Debugging TLS negotiation failure Lemons, Terry
- Re: Debugging TLS negotiation failure Jeffrey Walton
- RE: Debugging TLS negotiation failure Lemons, Terry
- Re: Debugging TLS negotiation failure Jeffrey Walton
- RE: Debugging TLS negotiation failu... Lemons, Terry
- Re: Debugging TLS negotiation f... Jordan Brown
- Re: Debugging TLS negotiati... Jordan Brown
- Re: Debugging TLS negotiati... Jeffrey Walton
- Re: Debugging TLS negotiati... Jordan Brown
