> > 3.1.2. StartTLS Response
> >
> > The server will return a resultCode other than success (as
> > documented in [Protocol] section 4.13.2.2) if it is unwilling or
> > unable to negotiate TLS. In this case the LDAP session is left
> > without a TLS layer.
>
> This only says what happens at non‑success, not at success.
> [Protocol] is rather sparse about it too.
Based on Hallvard's query above, Jim Sermersheim and I recommend a change to paragraph 2 of [Protocol] section 14.4.2 to explicitly state that a success resultCode indicates that the protocol peers should begin TLS negotiation. I'll leave it to Jim to craft the wording.
Thanks,
Roger
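The point of the thread is that a client must treat only a success resultCode as permission to begin the TLS handshake, and anything else as "the session is still plaintext". The following is an added illustration (not code from the thread, the drafts, or any LDAP library): a minimal BER encoder/decoder for the StartTLS ExtendedRequest and ExtendedResponse, plus the client-side decision. It assumes the standard tag values from the LDAP ASN.1 (ExtendedRequest [APPLICATION 23], ExtendedResponse [APPLICATION 24], requestName [0], responseName [10]), the StartTLS OID 1.3.6.1.4.1.1466.20037, and short-form BER lengths only; the sample messages are constructed here, and the rule that a present responseName must echo the request OID is this example's own strictness rather than something the quoted text states.

```python
"""Client-side handling of the StartTLS exchange: begin TLS only on success."""
from dataclasses import dataclass
from typing import Optional, Tuple

START_TLS_OID = "1.3.6.1.4.1.1466.20037"
SUCCESS = 0                    # resultCode success(0)

TAG_SEQUENCE, TAG_INTEGER, TAG_ENUMERATED, TAG_OCTET_STRING = 0x30, 0x02, 0x0A, 0x04
TAG_EXTENDED_REQUEST = 0x77    # [APPLICATION 23], constructed
TAG_EXTENDED_RESPONSE = 0x78   # [APPLICATION 24], constructed
TAG_REQUEST_NAME = 0x80        # [0]  context-specific, primitive
TAG_RESPONSE_NAME = 0x8A       # [10] context-specific, primitive


def tlv(tag: int, value: bytes) -> bytes:
    """BER TLV with a short-form length (values under 128 bytes, enough for this exchange)."""
    assert len(value) < 128, "short-form length only"
    return bytes([tag, len(value)]) + value


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the TLV at buf[pos:], handling long-form lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give the length-of-length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:end], end


def expect(buf: bytes, pos: int, tag: int) -> Tuple[bytes, int]:
    t, v, nxt = read_tlv(buf, pos)
    if t != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, got 0x{t:02x}")
    return v, nxt


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:                   # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        while arc >= 0x80:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        out += chunk
    return bytes(out)


def decode_oid(raw: bytes) -> str:
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def build_starttls_request(message_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    ext = tlv(TAG_EXTENDED_REQUEST, tlv(TAG_REQUEST_NAME, encode_oid(START_TLS_OID)))
    return tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, bytes([message_id])) + ext)


@dataclass
class StartTlsResponse:
    message_id: int
    result_code: int
    diagnostic_message: str
    response_name: Optional[str]


def parse_starttls_response(msg: bytes) -> StartTlsResponse:
    """Decode LDAPMessage { messageID, ExtendedResponse { LDAPResult, [responseName] } }."""
    body, _ = expect(msg, 0, TAG_SEQUENCE)
    mid, pos = expect(body, 0, TAG_INTEGER)
    ext, _ = expect(body, pos, TAG_EXTENDED_RESPONSE)
    rc, pos = expect(ext, 0, TAG_ENUMERATED)
    _matched_dn, pos = expect(ext, pos, TAG_OCTET_STRING)
    diag, pos = expect(ext, pos, TAG_OCTET_STRING)
    name = None
    while pos < len(ext):                  # optional tail: referral [3], responseName [10], responseValue [11]
        t, v, pos = read_tlv(ext, pos)
        if t == TAG_RESPONSE_NAME:
            name = decode_oid(v)
    return StartTlsResponse(int.from_bytes(mid, "big", signed=True),
                            int.from_bytes(rc, "big", signed=True), diag.decode("utf-8"), name)


def next_step(resp: StartTlsResponse, request_id: int) -> Tuple[str, str]:
    """'start_tls' only on a matching success response; otherwise the session stays plaintext
    and the caller must not send anything it wanted protected (e.g. a simple bind)."""
    if resp.message_id != request_id:
        return "plaintext", "response does not match the StartTLS request"
    if resp.response_name not in (None, START_TLS_OID):
        return "plaintext", f"unexpected responseName {resp.response_name}"
    if resp.result_code != SUCCESS:
        return "plaintext", f"server refused StartTLS: resultCode {resp.result_code} ({resp.diagnostic_message!r})"
    return "start_tls", "server accepted; begin the TLS handshake on this connection"


# Constructed sample responses (not captured traffic): success for message 1, unwillingToPerform(53) for message 2.
SUCCESS_RESPONSE = tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, b"\x01") + tlv(
    TAG_EXTENDED_RESPONSE, tlv(TAG_ENUMERATED, b"\x00") + tlv(TAG_OCTET_STRING, b"") +
    tlv(TAG_OCTET_STRING, b"") + tlv(TAG_RESPONSE_NAME, encode_oid(START_TLS_OID))))
REFUSED_RESPONSE = tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, b"\x02") + tlv(
    TAG_EXTENDED_RESPONSE, tlv(TAG_ENUMERATED, b"\x35") + tlv(TAG_OCTET_STRING, b"") +
    tlv(TAG_OCTET_STRING, b"TLS not available")))

if __name__ == "__main__":
    print(build_starttls_request(1).hex())
    for req_id, wire in ((1, SUCCESS_RESPONSE), (2, REFUSED_RESPONSE)):
        print(req_id, next_step(parse_starttls_response(wire), req_id))
```

The decision is deliberately asymmetric: every path except a matching success leaves the connection in plaintext, which is the property the quoted draft paragraph only states for the non-success case and the proposed wording makes explicit for success.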