Unreliable enable_start_tls option for ldap authc module

Hello,

I’m trying to configure the ldap authc module. If the ldap module is configured with enable_start_tls=true, authentication succeeds. But with tcpdump we can see that user names and passwords are transmitted over unencrypted connections.

With enable_ssl=true, connections are encrypted. But ldaps is deprecated in favor of startTLS.

I am running Open Distro Security Plugin v1.12.0.0.

Do you have similar behavior? Any hints where to look?

Thanks in advance!
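As an added example (not code from this thread or from the Open Distro / OpenSearch projects), here is one way to turn the tcpdump observation above into a repeatable check. It takes client-to-server TCP payloads that you have already extracted from a capture (tcpdump/tshark/scapy extraction is assumed and not shown), and labels each one: a TLS record, an LDAP StartTLS ExtendedRequest, or a cleartext LDAP simple BindRequest, from which it recovers the DN and password exactly as an on-path observer would. A simple bind seen after a StartTLS request is the failure mode described in the post. The BER encoder exists only to build constructed sample messages; the DN `cn=admin,dc=example,dc=org` and the password are made up.

```python
"""Classify LDAP client->server payloads and flag cleartext simple binds.

Added example, not part of the forum thread or any project's code.
Assumes the caller already has the raw TCP payload bytes of each
client->server segment (e.g. extracted from a tcpdump capture).
"""

TAG_SEQUENCE = 0x30              # universal SEQUENCE (LDAPMessage, BindRequest body)
TAG_INTEGER = 0x02               # messageID, protocol version
TAG_OCTET_STRING = 0x04          # LDAPDN in BindRequest
TAG_CTX0 = 0x80                  # [0] primitive: simple password in BindRequest,
                                 #     requestName in ExtendedRequest
TAG_APP_BIND_REQUEST = 0x60      # [APPLICATION 0] constructed
TAG_APP_EXTENDED_REQUEST = 0x77  # [APPLICATION 23] constructed
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value


def build_simple_bind(message_id, dn, password):
    """Constructed LDAPv3 simple BindRequest, as a client would send it in clear."""
    bind = (_tlv(TAG_INTEGER, b"\x03")
            + _tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
            + _tlv(TAG_CTX0, password.encode("utf-8")))
    return _tlv(TAG_SEQUENCE, _tlv(TAG_INTEGER, bytes([message_id]))
                + _tlv(TAG_APP_BIND_REQUEST, bind))


def build_starttls_request(message_id):
    """Constructed StartTLS ExtendedRequest (RFC 4511 / RFC 4513)."""
    ext = _tlv(TAG_CTX0, STARTTLS_OID)
    return _tlv(TAG_SEQUENCE, _tlv(TAG_INTEGER, bytes([message_id]))
                + _tlv(TAG_APP_EXTENDED_REQUEST, ext))


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos); ValueError/IndexError on malformed input."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:end], end


def _ldap_op(payload):
    """Split an LDAPMessage into (message_id, op_tag, op_bytes), or None."""
    try:
        tag, msg, _ = _read_tlv(payload, 0)
        if tag != TAG_SEQUENCE:
            return None
        tag, mid, pos = _read_tlv(msg, 0)
        if tag != TAG_INTEGER:
            return None
        op_tag, op, _ = _read_tlv(msg, pos)
        return int.from_bytes(mid, "big"), op_tag, op
    except (ValueError, IndexError):
        return None


def parse_simple_bind(payload):
    """(message_id, dn, password) if payload is a cleartext simple bind, else None."""
    parsed = _ldap_op(payload)
    if parsed is None or parsed[1] != TAG_APP_BIND_REQUEST:
        return None
    mid, _, bind = parsed
    try:
        _, _version, pos = _read_tlv(bind, 0)
        tag, dn, pos = _read_tlv(bind, pos)
        if tag != TAG_OCTET_STRING:
            return None
        tag, auth, _ = _read_tlv(bind, pos)
        if tag != TAG_CTX0:           # [3] would be a SASL bind; not handled here
            return None
        return mid, dn.decode("utf-8"), auth.decode("utf-8")
    except (ValueError, IndexError, UnicodeDecodeError):
        return None


def classify(payload):
    """'tls-record', 'starttls-request', 'cleartext-simple-bind' or 'other'."""
    if payload[:2] == b"\x16\x03":    # TLS record: handshake, version 3.x
        return "tls-record"
    parsed = _ldap_op(payload)
    if parsed is None:
        return "other"
    _, op_tag, op = parsed
    if op_tag == TAG_APP_EXTENDED_REQUEST:
        try:
            tag, name, _ = _read_tlv(op, 0)
            if tag == TAG_CTX0 and name == STARTTLS_OID:
                return "starttls-request"
        except (ValueError, IndexError):
            pass
    if op_tag == TAG_APP_BIND_REQUEST and parse_simple_bind(payload) is not None:
        return "cleartext-simple-bind"
    return "other"


def audit_stream(payloads):
    """Label payloads in order; a simple bind after StartTLS is the bug in question."""
    labels, started_tls = [], False
    for p in payloads:
        label = classify(p)
        if label == "starttls-request":
            started_tls = True
        elif label == "cleartext-simple-bind" and started_tls:
            label = "cleartext-bind-after-starttls"
        labels.append(label)
    return labels


if __name__ == "__main__":
    # Constructed sample stream: what a broken StartTLS client looks like on the wire.
    stream = [build_starttls_request(1),
              build_simple_bind(2, "cn=admin,dc=example,dc=org", "s3cret")]
    for p, label in zip(stream, audit_stream(stream)):
        print(label, parse_simple_bind(p))
```

On a healthy StartTLS session the client payload after the ExtendedRequest starts with a TLS record and `parse_simple_bind` never returns anything; if it returns a DN and password, the bind went out in clear regardless of what the plugin configuration says.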

@Eugenie I’ve just tested startTLS in ODFE 1.13.2 and I could see my password. This looks like a bug in ODFE.

I’ve also checked OpenSearch 1.3.2 and 2.0.0 and my login and password were encrypted.

I suggest upgrading your ODFE cluster to OpenSearch.


@pablo Thank you for the information!