
Re: (ITS#8924) Installed openldap2.4.46 and openssl1.1.1, the client and server still used TLS1.2 to negotiate



--On Tuesday, October 09, 2018 10:02 AM +0000 nanmor@126.com wrote:

> We can get the result, but from the Wireshark capture, we find that they used
> TLS1.2 to negotiate.

I do not find this to be the case with OpenLDAP 2.4.46.

> OpenSSL supports TLS1.3; however, openldap-2.4.46 still uses
> TLS1.2 by default. Are some parameters needed to specify TLS1.3 in the openldap
> configuration?

Nope.

> By the way, I have tested that other applications can negotiate
> TLS1.3 by default when the client and server both use openssl-1.1.1.

That is the behavior I see.

OpenLDAP 2.4.46 linked to OpenSSL 1.1.1 for both the client and server:

5bbcb282 connection_read(14): checking for input on id=1001
TLS trace: SSL_accept:TLSv1.3 early data
TLS trace: SSL_accept:SSLv3/TLS read finished
TLS trace: SSL_accept:SSLv3/TLS write session ticket
TLS trace: SSL_accept:SSLv3/TLS write session ticket

Perhaps the ldapsearch you picked up was not the one linked to OpenSSL 
1.1.1.

You may also want to read the slapd.conf(5) or slapd-config(5) man pages on 
how to set a minimum required TLS protocol version.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
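The two checks this reply points at (which OpenSSL the ldapsearch on your PATH is really linked against, and how to pin a minimum TLS version on the server and the client) can be scripted. The following is an added shell example, not part of the thread and not OpenLDAP's own code. The directive names TLSProtocolMin, olcTLSProtocolMin and TLS_PROTOCOL_MIN come from slapd.conf(5), slapd-config(5) and ldap.conf(5), which document the value as the record-layer <major>.<minor> (3.1 = TLS 1.0, 3.3 = TLS 1.2); encoding TLS 1.3 as 3.4 is an assumption extrapolated from that rule, so confirm that the build you run accepts it before relying on it. The trace samples are constructed (the first one is copied from the server trace quoted in the reply); the parsing heuristic relies on OpenSSL 1.1.1 naming its 1.3-only handshake states "TLSv1.3 ...".

```shell
#!/bin/sh
# Added example (not from the ITS#8924 thread or OpenLDAP itself).
# Directive names per slapd.conf(5), slapd-config(5), ldap.conf(5).
# ASSUMPTION: 3.4 denotes TLS 1.3, by extension of the documented
# 3.3 = TLS 1.2 record-layer numbering; check your man page.

# 1. Which libssl is the ldapsearch on $PATH actually linked against?
#    A build against OpenSSL 1.0.x cannot offer TLS 1.3 regardless of
#    which libssl happens to be installed next to it.
check_ldapsearch_openssl() {
    bin=$(command -v "${1:-ldapsearch}") || {
        echo "no ldapsearch on PATH" >&2; return 1; }
    echo "binary: $bin"
    ldd "$bin" | grep -E 'lib(ssl|crypto)'
}

# 2. Emit the minimum-protocol directive for a given configuration layer.
#    Versions are encoded as the TLS record-layer <major>.<minor>:
#    TLS 1.0 = 3.1, 1.1 = 3.2, 1.2 = 3.3 and (assumed) 1.3 = 3.4.
min_tls_directive() {
    layer=$1; want=$2
    case $want in
        1.0) enc=3.1 ;; 1.1) enc=3.2 ;; 1.2) enc=3.3 ;; 1.3) enc=3.4 ;;
        *) echo "unsupported TLS version: $want" >&2; return 1 ;;
    esac
    case $layer in
        slapd.conf) printf 'TLSProtocolMin %s\n' "$enc" ;;      # static slapd.conf
        cn=config)  printf 'olcTLSProtocolMin: %s\n' "$enc" ;;  # cn=config attribute
        ldap.conf)  printf 'TLS_PROTOCOL_MIN %s\n' "$enc" ;;    # client side
        *) echo "unknown layer: $layer" >&2; return 1 ;;
    esac
}

# 3. Read "slapd -d" or "ldapsearch -d 1" output on stdin and report the
#    negotiated protocol.  OpenSSL 1.1.1 labels 1.3-only states "TLSv1.3 ...";
#    a handshake that still carries a key-exchange message is TLS 1.2 or lower.
negotiated_tls_version() {
    awk '
        /TLS trace:/ && /TLSv1\.3/               { v = "TLSv1.3" }
        /TLS trace:/ && /key exchange/ && v == "" { v = "TLSv1.2 or lower" }
        END { print (v == "" ? "unknown" : v) }
    '
}

# Constructed sample: the server-side trace quoted in the reply above.
SAMPLE_TRACE_13='TLS trace: SSL_accept:TLSv1.3 early data
TLS trace: SSL_accept:SSLv3/TLS read finished
TLS trace: SSL_accept:SSLv3/TLS write session ticket'

# Constructed sample: what an OpenSSL 1.1.1 client logs on a TLS 1.2 handshake.
SAMPLE_TRACE_12='TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS trace: SSL_connect:SSLv3/TLS read server certificate
TLS trace: SSL_connect:SSLv3/TLS read server key exchange
TLS trace: SSL_connect:SSLv3/TLS read server done'

if [ "${1:-}" = "demo" ]; then
    check_ldapsearch_openssl || true
    min_tls_directive slapd.conf 1.3
    min_tls_directive cn=config 1.3
    min_tls_directive ldap.conf 1.2
    printf '%s\n' "$SAMPLE_TRACE_13" | negotiated_tls_version
    printf '%s\n' "$SAMPLE_TRACE_12" | negotiated_tls_version
fi
```

Run it as `sh script.sh demo`; in practice you would pipe real output, e.g. `ldapsearch -d 1 -ZZ -H ldap://host -b '' -s base 2>&1 | negotiated_tls_version`, after confirming with the first function that the ldapsearch being invoked is the one built against OpenSSL 1.1.1. Setting a minimum of 1.3 on one side only makes the handshake fail against peers that cannot do 1.3; it does not make them upgrade.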