TLS/STARTTLS Localconfig Values: Difference between revisions

Revision as of 18:51, 17 March 2011

The following are security-related localconfig values and their interaction to one another:

ldap_starttls_supported. Enables/disables the LDAP client in the mailbox server, Postfix, and Amavis servers to communicate with the LDAP server. To disable use of starttls, set this command to 0. To enable use, change the setting to 1.

ldap_common_require_tls. You can set the required SSF of connections to force secured connections using the ldap_common_require_tls localconfig key. The value to provide is the minimum security strength to require for connections. In general, this will be 128, but it depends on the strength of your generated cert/keys. You can view your ldap log level at 256 level to see what current strength incoming connections are using.

@@ Line 5: / Line 5: @@
 *'''zimbra_require_interprocess_security'''. Defaults to 1 (true).
-*'''ldap_starttls_supported'''. Enables/disables the LDAP client in the mailbox
+*'''ldap_starttls_supported'''. Enables/disables the LDAP client in the mailbox server, Postfix, and Amavis servers to communicate with the LDAP server. To disable use of starttls, set this command to 0. To enable use, change the setting to 1.
-server, Postfix, and Amavis servers to communicate with the LDAP server. To
-disable use of starttls, set this command to 0. To enable use, change the
-setting to 1.
 *'''ldap_common_require_tls'''. You can set the required SSF of connections to force secured connections using the ldap_common_require_tls localconfig key. The value to provide is the minimum security strength to require for connections. In general, this will be 128, but it depends on the strength of your generated cert/keys. You can view your ldap log level at 256 level to see what current strength incoming connections are using.