Re: enforce TLS 1.2 in OpenLDAP server side

[Steve Zeng <steve.zeng@booking.com>]

OpenSSL

Thanks,
Steve

> On Sep 10, 2016, at 00:58, Dieter Klünter <dieter@dkluenter.de> wrote:
> 
> Am Fri, 9 Sep 2016 17:18:19 +0000
> schrieb Steve Zeng <steve.zeng@booking.com>:
> 
>> Hi, all
>> 
>> What is the best settings to enforce TLS 1.2 in OpenLDAP server side
>> (openldap-2.4.44-1.el6)?
>> 
>> I make the change below:
>> 
>> From: 
>> olcTLSProtocolMin: 0.0
>> 
>> To:
>> olcTLSProtocolMin: 3.3
>> 
>> However, TLS1.0 still shows up in a lot of tcpdump packets:
> 
> Is this compiled with GnuTLS or OpenSSL?
> 
> -Dieter
> 
> -- 
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N
> 10°08'02,42"E
>