[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: enforce TLS 1.2 in OpenLDAP server side
- To: Quanah Gibson-Mount <quanah@zimbra.com>
- Subject: Re: enforce TLS 1.2 in OpenLDAP server side
- From: Steve Zeng <steve.zeng@booking.com>
- Date: Sun, 11 Sep 2016 01:25:24 +0000
- Accept-language: en-US
- Cc: Dieter Klünter <dieter@dkluenter.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Content-language: en-CA
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=booking.com ; s=bk; h=MIME-Version:Content-Transfer-Encoding:Content-Type:In-Reply-To: References:Message-ID:Date:Subject:CC:To:From; bh=vxiX/e5ms3cjy5RIGMOE7WvdYmWGst3gqM5dSEzR7qo=; b=12CB/0F/oRM4kzpDM37us2RW1d uB/ofa4BnJKiPqyPeXet91g08kXOHiBZd3nuByjLLvjHuoeGqDjgtTL5/6YPR0glkxWNPjhSWP6lF gi/KPNrYihNiploEZPw24qQElrt7vNdcIw91ylw9+NNFqooo1iDEv7wo1BSGmMHtnEhw=;
- In-reply-to: <1577D2ECD71102E50DBD07ED@[192.168.1.19]>
- References: <4E5E9A63-EA95-484B-9AD4-D45B8EE5CB1D@booking.com> <20160910095733.618c4bc2@pink.avci.de>, <1577D2ECD71102E50DBD07ED@[192.168.1.19]>
- Thread-index: AQHSCr4p4MvAukiipEe0Ct1yqNOPbaByS7mAgADUIQCAAGFnoQ==
- Thread-topic: enforce TLS 1.2 in OpenLDAP server side
Thanks for the note. So we need to rebuild it against OpenSSL?
Thanks,
Steve
> On Sep 10, 2016, at 13:37, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>
> --On Saturday, September 10, 2016 10:57 AM +0200 Dieter Klünter <dieter@dkluenter.de> wrote:
>
>>> However, TLS1.0 still shows up in a lot of tcpdump packets:
>>
>> Is this compiled with GnuTLS or OpenSSL?
>
> Since it is ".el6" that would generally imply a RHEL build. That would in turn mean it is most likely compiled against the known insecure and broken MozNSS libs. So neither GnuTLS or OpenSSL.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount