
Re: (ITS#8920) OpenLDAP



nanmor@126.com wrote:
> Full_Name: Nancy Mo
> Version: openldap-clients-2.4.44-15.el7_5.x86_64
> OS: Redhat 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (106.38.0.87)
> 
> 
> Hi team,
> 
> The Linux server is Red Hat 7, and has OpenSSL 1.1.1 installed, which supports
> TLS 1.3.
> I tried to connect to an LDAP server which uses TLS 1.3, and the OpenLDAP client
> connection failed. If the server setting is changed to TLS 1.2, it can connect
> successfully.
> By the way, using openssl s_client -connect HOSTNAME.com:636, it will use TLS
> 1.3 and connect successfully.
> In the ldap.conf, I have set two parameters:
> 
> TLS_CACERTDIR /etc/openldap/certs
> TLS_REQCERT never
> 
> Why can the OpenLDAP client not use TLS 1.3?

RedHat builds their OpenLDAP packages with MozillaNSS, not OpenSSL.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
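
One way to check the point made in the reply above on a given host, as an added example that is not part of the original thread or of the OpenLDAP project: classify the TLS library an LDAP client binary is linked against from its `ldd` output. The function name and both sample listings are constructed for illustration; the library-name patterns assume the usual sonames (`libssl3.so`/`libnss3.so` for NSS, `libssl.so.<version>` for OpenSSL, `libgnutls.so` for GnuTLS).

```shell
#!/bin/sh
# Added example: report which TLS libraries appear in `ldd` output (stdin).
# ldd lists transitive dependencies too, so more than one name can be printed;
# what matters for the thread above is whether OpenSSL is present at all.

# Runs in a subshell "( ... )" so its variables stay local under plain POSIX sh.
classify_tls_backend() (
    nss=0; openssl=0; gnutls=0; out=""
    while IFS= read -r line; do
        case "$line" in
            # NSS ships libssl3.so: easy to misread as OpenSSL 3 (libssl.so.3)
            *libssl3.so*|*libnss3.so*) nss=1 ;;
            *libssl.so.*)              openssl=1 ;;
            *libgnutls.so*)            gnutls=1 ;;
        esac
    done
    if [ "$nss" -eq 1 ];     then out="$out MozNSS";  fi
    if [ "$openssl" -eq 1 ]; then out="$out OpenSSL"; fi
    if [ "$gnutls" -eq 1 ];  then out="$out GnuTLS";  fi
    if [ -z "$out" ]; then echo "none"; else echo "${out# }"; fi
)

# Constructed sample: a client linked the way the reply describes (NSS).
SAMPLE_NSS='	libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f0000001000)
	libssl3.so => /lib64/libssl3.so (0x00007f0000002000)
	libnss3.so => /lib64/libnss3.so (0x00007f0000003000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0000004000)'

# Constructed sample: a client built against OpenSSL 1.1.1 instead.
SAMPLE_OPENSSL='	libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f0000001000)
	libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x00007f0000002000)
	libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f0000003000)'

echo "sample NSS build:     $(printf '%s\n' "$SAMPLE_NSS" | classify_tls_backend)"
echo "sample OpenSSL build: $(printf '%s\n' "$SAMPLE_OPENSSL" | classify_tls_backend)"

# Live check, only when the tools exist on this host.
if command -v ldapsearch >/dev/null 2>&1 && command -v ldd >/dev/null 2>&1; then
    echo "this host: $(ldd "$(command -v ldapsearch)" 2>/dev/null | classify_tls_backend)"
fi
```

A result of `MozNSS` without `OpenSSL` means the OpenSSL version installed on the system has no bearing on which TLS versions the LDAP client can negotiate.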