From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 22 May 2003 00:15:57 +0000 (+0000)
Subject: Zap "TLS hard"
X-Git-Tag: OPENLDAP_REL_ENG_2_2_0ALPHA~92
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=b378944fc119c1d7778c73716b4ff639c14bf237;p=openldap

Zap "TLS hard"
---

diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index 5067cb193e..64078fbfdf 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -192,31 +192,10 @@ size allowed.  0 disables security layers.  The default is 65536.
 .RE
 .SH TLS OPTIONS
 If OpenLDAP is built with Transport Layer Security support, there
-are more options you can specify.
-.TP
-.B TLS <level>
-Specifies whether client connections should use ldaps:// by default.
-This option is deprecated in favor of the
-.B URI
-option.  Using the
-.B TLS
-option may break some applications.
-.LP
-The
-.B <level>
-can be specified as one of the following keywords:
-.RS
-.TP
-.B never
-This is the default. Connections will be opened in the clear unless
-TLS is explicitly specified (e.g. using an "ldaps://" URL.)
-.TP
-.B hard
-All connections will be established with TLS.
-Note that using this option effectively makes the library open every
-session as an ldaps session and is incompatible with the LDAPv3 StartTLS
-request.
-.RE
+are more options you can specify.  These options are used when an
+.B ldaps:// URI
+is selected (by default or otherwise) or when the application
+negotiates TLS by issuing the LDAP Start TLS operation.
 .TP
 .B TLS_CACERT <filename>
 Specifies the file that contains certificates for all of the Certificate