What are the implications of checking one or both useSSL and useTLS boxes for LDAP config?


Adobe documentation for AEM 6 says

"Check the Use SSL or Use TLS checkboxes when configuring the LDAP Identity Provider."

What protocol will be used if I check both boxes? Does TLS override the SSL config option? It seems to work with one or both checked, but I can't verify which protocol was used. Is checking just TLS sufficient to ensure I have a connection using the TLS protocol?

There is 1 best solution below

There are 2 ways to secure LDAP connections:

  • One is to connect to the LDAPS port (636 by default) using SSL (or the later TLS versions). This is the legacy and non-standard way to do it, also generally known as "Use SSL".
  • One is to connect to the LDAP port (389), and then enable TLS using the LDAP StartTLS extended operation (which negotiates SSLv3 or TLS protocols). It is generally known as "Use TLS".

The underlying version of the protocol used (SSLv3, TLSv1.0, TLSv1.1...) depends on the settings of the LDAP server or the LDAP client library. I hope this helps.
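To check which protocol version a directory server negotiates in each of the two modes described above, here is an added example (not part of the original answer and not Adobe's code). The host name is a placeholder and the sample reply bytes are constructed; the result reflects what this Python client and the server agree on, which can differ from what AEM's own client library negotiates.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS, RFC 4511 section 4.14
# Constructed sample: ExtendedResponse for messageID 1 with resultCode 0 (success)
SAMPLE_SUCCESS = bytes.fromhex("300c02010178070a010004000400")


def build_starttls_request(msg_id=1):
    """BER-encode an LDAP ExtendedRequest asking the server to start TLS."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + op                   # messageID + op
    return b"\x30" + bytes([len(body)]) + body


def starttls_result_code(reply):
    """Return resultCode from an ExtendedResponse (0 = success).
    Handles short-form BER lengths only, which is enough for this reply."""
    if len(reply) < 4 or reply[0] != 0x30 or reply[2] != 0x02:
        raise ValueError("not an LDAPMessage")
    op = 4 + reply[3]  # skip SEQUENCE header and the messageID INTEGER
    if len(reply) < op + 5 or reply[op] != 0x78 or reply[op + 2:op + 4] != b"\x0a\x01":
        raise ValueError("not an ExtendedResponse")
    return reply[op + 4]


def negotiated_version(host, port, use_starttls, cafile=None, timeout=5):
    """Connect as 'Use SSL' (LDAPS) or 'Use TLS' (StartTLS) and return the
    protocol version actually negotiated, e.g. 'TLSv1.3'."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies cert and host name
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if use_starttls:
            raw.sendall(build_starttls_request())
            code = starttls_result_code(raw.recv(4096))
            if code != 0:
                raise ConnectionError(f"StartTLS refused, resultCode={code}")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    host = "ldap.example.com"  # placeholder: your directory server
    print("LDAPS    636:", negotiated_version(host, 636, use_starttls=False))
    print("StartTLS 389:", negotiated_version(host, 389, use_starttls=True))
```

If the server uses a private CA, pass its certificate bundle as `cafile` so that certificate verification stays enabled.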