>> I would like to require that *only* SSL/TLS connections be allowed to >> my server. This is not to be confused with wanting SSL client >> authentication. I had initially thought I could do this with ACI >> using the authmethod="ssl", however after looking at the >> documentation closely and experimentation this refers to do client >> based SSL authentication as well. I do have SSL/TLS set up >> correctly, I just want to disallow non-encrypted traffic. > This is interesting. I swear that we had a 'transport security type' aci las type. I remember talking about it as if it existed many times. However, when I look at the code I see that you are correct : the 'authmethod' thing is really looking for SASL_EXTERNAL/SSL authentication, and not SSL used as transport. Something for the todo list perhaps would be to add transport type: encrypted or not and so on.
