Secure Sockets Layer (SSL) is the open standard security protocol
    for the secure transfer of sensitive information over the
    Internet.

    You can establish HP SSL for OpenVMS Alpha on an LDAP session
    if the server supports such sessions. SSL uses X.509 public key
    technology to provide the following security functions:

    o  Integrity and confidentiality of the LDAP dialog

       This is the most common use of HP SSL. The bytes sent over the
       wire are encrypted.

    o  Authentication of the client

       Some servers use SSL to authenticate the client and make
       access control decisions based on the client identity. In
       this case, the client must have access to its private key and
       its certificate. The client certificate subject is a DN.

    o  Authentication of the server

       It might be important for the client to verify the identity
       of the server to which it is talking. In this case, the client
       must have access to the appropriate certification authority
       (CA) public keys.

    There are several versions of SSL: SSLv2 (2.0), SSLv3 (3.0), and
    TLSv1 (3.1). TLS is the latest Internet standard. It does not
    require the use of RSA algorithms. Usually the client specifies
    the highest version it supports, and the server negotiates
    downward, if necessary. The client library supports all the
    versions listed here.

    You can establish SSL over LDAP two different ways:

    o  LDAPS

       This older, de facto standard uses a separate TCP/IP port
       (usually 636) specifically for SSL over LDAP. In this case,
       the second parameter to the ldap_tls_start() function must be
       set to zero.

    o  StartTLS

       This proposed Internet standard uses a regular LDAP port
       (usually 389) and requires the client to request the use
       of SSL. In this case, the second parameter to the ldap_tls_
       start() function must be set to 1.