Re: (ITS#8924) Installed openldap2.4.46 and openssl1.1.1, the client and server still used TLS1.2 to negotiated
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8924) Installed openldap2.4.46 and openssl1.1.1, the client and server still used TLS1.2 to negotiated
- From: quanah@symas.com
- Date: Tue, 09 Oct 2018 13:56:33 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Tuesday, October 09, 2018 10:02 AM +0000 nanmor@126.com wrote:

> We can get the result, but from the Wireshark result, we find that they
> used TLS1.2 to negotiate.

I do not find this to be the case with OpenLDAP 2.4.46.

> OpenSSL supports TLS1.3, however openldap-2.4.46 still uses
> TLS1.2 by default. Are some parameters needed to specify TLS1.3 in the
> openldap configuration?

Nope.

> By the way, I have tested that other applications can negotiate with
> TLS1.3 by default when the client and server both use openssl-1.1.1.

That is the behavior I see.

OpenLDAP 2.4.46 linked to OpenSSL 1.1.1 for both the client and server:

5bbcb282 connection_read(14): checking for input on id=1001
TLS trace: SSL_accept:TLSv1.3 early data
TLS trace: SSL_accept:SSLv3/TLS read finished
TLS trace: SSL_accept:SSLv3/TLS write session ticket
TLS trace: SSL_accept:SSLv3/TLS write session ticket

Perhaps the ldapsearch you picked up was not the one linked to OpenSSL
1.1.1.

You may also want to read the slapd.conf(5) or slapd-config(5) man pages on
how to set a minimum required TLS protocol version.

Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
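
The check made by eye in the reply above (looking for a TLSv1.3 state in slapd's "TLS trace" output) can be run over a whole debug log. This is an added example, not part of the original message and not OpenLDAP code; the sample log is constructed, and it assumes trace lines belong to the most recent connection_read id and that OpenSSL 1.1.1 uses "TLSv1.3 ..." state names only in TLS 1.3 handshakes.

```python
import re

# Constructed sample of slapd debug output. id=1001 mirrors the handshake
# quoted in the message; id=1002 is a constructed handshake that never
# reaches a TLS 1.3-specific state.
SAMPLE_LOG = """\
5bbcb282 connection_read(14): checking for input on id=1001
TLS trace: SSL_accept:TLSv1.3 early data
TLS trace: SSL_accept:SSLv3/TLS read finished
TLS trace: SSL_accept:SSLv3/TLS write session ticket
5bbcb290 connection_read(15): checking for input on id=1002
TLS trace: SSL_accept:SSLv3/TLS read client key exchange
TLS trace: SSL_accept:SSLv3/TLS read finished
TLS trace: SSL_accept:SSLv3/TLS write finished
"""

CONN_RE = re.compile(r"connection_read\(\d+\): checking for input on id=(\d+)")
TRACE_RE = re.compile(r"TLS trace: SSL_(?:accept|connect):(.+)$")


def classify_handshakes(log_text):
    """Return {connection id: 'TLSv1.3' or 'pre-1.3/unknown'}."""
    result = {}
    current = None  # id from the most recent connection_read line
    for line in log_text.splitlines():
        conn = CONN_RE.search(line)
        if conn:
            current = int(conn.group(1))
            continue
        trace = TRACE_RE.search(line)
        if trace is None or current is None:
            continue  # not a trace line, or no connection to attribute it to
        result.setdefault(current, "pre-1.3/unknown")
        # Assumption: only TLS 1.3 handshakes emit "TLSv1.3 ..." state names.
        if trace.group(1).startswith("TLSv1.3"):
            result[current] = "TLSv1.3"
    return result


def below_tls13(log_text):
    """Connection ids whose trace shows no TLS 1.3-specific state."""
    return [cid for cid, ver in classify_handshakes(log_text).items()
            if ver != "TLSv1.3"]


if __name__ == "__main__":
    for cid, ver in classify_handshakes(SAMPLE_LOG).items():
        print(f"conn id={cid}: {ver}")
```

A connection listed by below_tls13() is a candidate for the check suggested in the message: confirm which OpenSSL the client binary is actually linked to. On a busy server, interleaved connections make the per-id attribution unreliable, so run it against a single-client debug session.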