(ITS#7645) various TLSProtocolMin issues

Full_Name: Manuel Gaupp
Version: 2.4.35
OS: CentOS 6.3
Submission from: (NULL) (

This topic was originally discussed in

1.) the TLSProtocolMin parameter is not documented, but it should be - at least
in slapd.conf/slapd-config and ldap.conf (there is an example in the original
ITS #5655)

2.) the TLSProtocolMin functionality should be extended for TLS 1.1 and TLS 1.2
(see http://www.openldap.org/lists/openldap-technical/201307/msg00138.html)

3.) ldap.conf already accepts correctly formatted TLSProtocolMin values (e.g.
"3.1") whereas slapd.conf doesn't (has to be given as an integer, e.g. "769"); I
think servers/slapd/bconfig.c should be changed to use ldap_int_tls_config for
this option (as mentioned in the FIXME comment of config_tls_config).
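
The relationship between the two value formats in item 3, as an added example that is not part of the original report and is not OpenLDAP's own code: it assumes the integer form is `(major << 8) | minor`, which is consistent with the "3.1" and "769" pair quoted above, and it names the values relevant to item 2. The function names `tls_protocol_min_parse` and `tls_protocol_name` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not OpenLDAP code: parse "major.minor" into
 * (major << 8) | minor. Returns -1 on malformed or out-of-range input. */
static int tls_protocol_min_parse(const char *s)
{
    char *end;
    long major, minor = 0;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;                 /* empty, signed or space-padded */
    major = strtol(s, &end, 10);
    if (major > 0xff || (*end != '\0' && *end != '.'))
        return -1;                 /* e.g. the bare integer "769" */
    if (*end == '.') {
        s = end + 1;
        if (*s < '0' || *s > '9')
            return -1;             /* "3." or "3.x" */
        minor = strtol(s, &end, 10);
        if (minor > 0xff || *end != '\0')
            return -1;
    }
    return (int)((major << 8) | minor);
}

/* Wire-protocol version numbers as used in the TLS record layer. */
static const char *tls_protocol_name(int v)
{
    switch (v) {
    case 0x0300: return "SSL 3.0";
    case 0x0301: return "TLS 1.0";
    case 0x0302: return "TLS 1.1";
    case 0x0303: return "TLS 1.2";
    default:     return "unknown";
    }
}

int main(void)
{
    /* Constructed sample values, including malformed ones. */
    const char *samples[] = { "3.1", "3.2", "3.3", "3", "769", "3.", "3.1.0" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = tls_protocol_min_parse(samples[i]);
        printf("%-6s -> %4d  %s\n", samples[i], v,
               v < 0 ? "rejected" : tls_protocol_name(v));
    }
    return 0;
}
```

A dotted-only parser like this rejects the bare integer "769", so a configuration written for one format does not carry over to the other unchanged.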