Commit 247957a1 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount
Browse files

ITS#9071 Document "tls none" for back-ldap

parent 7e551773
......@@ -575,7 +575,7 @@ is used.
.HP
.hy 0
.B tls {[try\-]start|[try\-]propagate|ldaps}
.B tls {none|[try\-]start|[try\-]propagate|ldaps}
.B [starttls=no]
.B [tls_cert=<file>]
.B [tls_key=<file>]
......@@ -585,12 +585,13 @@ is used.
.B [tls_cipher_suite=<ciphers>]
.B [tls_crlcheck=none|peer|all]
.RS
Specify the use of TLS when a regular connection is initialized. The
StartTLS extended operation will be used unless the URI directive protocol
scheme is \fBldaps://\fP. In that case this keyword may only be
set to "ldaps" and the StartTLS operation will not be used.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
Specify TLS settings for regular connections.
The first parameter only applies to \fBldap://\fP connections and so
at the moment, \fBnone\fP and \fBldaps\fP are equivalent.
With \fBpropagate\fP, the proxy issues StartTLS operation only if
the original connection has a TLS layer set up.
The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is \fBnot\fP recommended.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment