Re: (ITS#8924) Installed openldap2.4.46 and openssl1.1.1, the client and server still used TLS1.2 to negotiated
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8924) Installed openldap2.4.46 and openssl1.1.1, the client and server still used TLS1.2 to negotiated
- From: firstname.lastname@example.org
- Date: Thu, 11 Oct 2018 17:31:07 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Thursday, October 11, 2018 3:52 PM +0800 moyanan <email@example.com>
> I set the parameter in the client: TLS_PROTOCOL_MIN 3.4, but the client still
> starts a client hello with TLS1.2. I doubt that the parameter works in
> my configuration.
> here is my ldap.conf:

I would suggest reading the man page for ldap.conf(5):

Some of the settings in the ldap.conf you provided do not seem valid.

Again, I'd confirm what SSL library the ldapsearch you're using is linked
to. (I.e., ldd /path/to/ldapsearch). I only see TLS 1.3 negotiated by
default in my build setup where both slapd and the ldap* tools are linked
to OpenSSL 1.1.1.

Per the ldap.conf(5) man page, the TLS_PROTOCOL_MIN parameter is ignored by
GnuTLS, which makes me wonder if you're using a GnuTLS linked ldapsearch

The ldap.conf file I'm using simply sets TLS_REQCERT never and no other

Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
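
The linkage check suggested in the reply above, combined with a lookup of TLS_PROTOCOL_MIN, as an added example that is not part of the original message or of OpenLDAP. The function names are hypothetical, the sample `ldd` output is constructed, and the 3.(x+1) version numbering is taken from ldap.conf(5).

```shell
#!/bin/sh
# Added example (not from the thread). Real use:
#   ldd "$(command -v ldapsearch)" | tls_backend

# Classify the TLS library from `ldd` output on stdin. If GnuTLS appears at
# all it wins, because that is the case where the setting is ignored.
tls_backend() {
    awk '$1 ~ /^libgnutls\.so/ { g = $1 }
         $1 ~ /^libssl\.so/    { o = $1 }
         END { if (g != "") print "gnutls:" g
               else if (o != "") print "openssl:" o
               else print "unknown" }'
}

# Map ldap.conf(5) SSL-style numbering to a name: 3.1 = TLS1.0 ... 3.4 = TLS1.3.
protocol_min_name() {
    case "$1" in
        "")      echo "unset" ;;
        3.0)     echo "SSL3.0" ;;
        3.[1-4]) echo "TLS1.$(( ${1#3.} - 1 ))" ;;
        *)       echo "invalid" ;;
    esac
}

# Value of TLS_PROTOCOL_MIN in an ldap.conf-style file (option names are
# case-insensitive; taking the last occurrence is an assumption).
conf_protocol_min() {
    awk 'toupper($1) == "TLS_PROTOCOL_MIN" { v = $2 } END { print v }' "$1"
}

# $1 = file with saved `ldd` output, $2 = ldap.conf path.
check_client() {
    backend=$(tls_backend < "$1")
    min=$(conf_protocol_min "$2")
    case "$backend" in
        gnutls:*)  verdict="IGNORED" ;;    # per ldap.conf(5), GnuTLS ignores it
        openssl:*) verdict="EVALUATED" ;;  # the OpenSSL build reads the setting
        *)         verdict="UNKNOWN" ;;    # inspect the linkage by hand
    esac
    echo "$verdict min=${min:-unset} ($(protocol_min_name "$min")) backend=$backend"
}

# Constructed sample: ldd output of a GnuTLS-linked client.
sample_ldd_gnutls() {
    printf '\tlibldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0x00007f0000000000)\n'
    printf '\tlibgnutls.so.30 => /usr/lib/libgnutls.so.30 (0x00007f0000100000)\n'
}
```

An `IGNORED` verdict means the client hello version is decided by the GnuTLS defaults, so editing TLS_PROTOCOL_MIN will not change what is seen on the wire.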