Both HTTP and LDAP can use Transport Layer Security (TLS)
or Secure Sockets Layer (SSL) to secure authentication credentials
and data sent over a network.
- Both TLS and SSL are supported. Any time an application server
has been configured to support TLS, it has also thereby been enabled
for SSL 3.0. Whether it actually uses SSL or TLS depends on the runtime
negotiation between client and server.
- TLS or SSL can be used to verify the identity of one or both of
the parties engaged in a network connection.
- TLS or SSL can also provide data integrity (proof that the data
has not been modified since the sender sent it).
- TLS can provide data confidentiality (obscuring the data from
third parties observing the dialog over the connection).