[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: enforce TLS 1.2 in OpenLDAP server side

To: openldap-technical@openldap.org
Subject: Re: enforce TLS 1.2 in OpenLDAP server side
From: Dieter Klünter <dieter@dkluenter.de>
Date: Sat, 10 Sep 2016 09:57:33 +0200
In-reply-to: <4E5E9A63-EA95-484B-9AD4-D45B8EE5CB1D@booking.com>
Organization: AVCI
References: <4E5E9A63-EA95-484B-9AD4-D45B8EE5CB1D@booking.com>

Am Fri, 9 Sep 2016 17:18:19 +0000
schrieb Steve Zeng <steve.zeng@booking.com>:

> Hi, all
> 
> What is the best settings to enforce TLS 1.2 in OpenLDAP server side
> (openldap-2.4.44-1.el6)?
> 
> I make the change below:
> 
> From: 
> olcTLSProtocolMin: 0.0
> 
> To:
> olcTLSProtocolMin: 3.3
> 
> However, TLS1.0 still shows up in a lot of tcpdump packets:

Is this compiled with GnuTLS or OpenSSL?

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: enforce TLS 1.2 in OpenLDAP server side
  - From: Steve Zeng <steve.zeng@booking.com>
- Re: enforce TLS 1.2 in OpenLDAP server side
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- enforce TLS 1.2 in OpenLDAP server side
  - From: Steve Zeng <steve.zeng@booking.com>

Prev by Date: enforce TLS 1.2 in OpenLDAP server side
Next by Date: Re: enforce TLS 1.2 in OpenLDAP server side
Index(es):
- Chronological
- Thread