Issue 8904 - Cannot enable SSL3 when disabled by default in OpenSSL
Summary: Cannot enable SSL3 when disabled by default in OpenSSL
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.46
Hardware: All All
Target Milestone: 2.5.2
Assignee: Quanah Gibson-Mount
Reported: 2018-08-21 15:23 UTC by Matus Honek
Modified: 2021-02-26 23:35 UTC (History)

Attachments
Matus-Honek-2018-08-21.patch (1013 bytes, patch)
2020-03-23 20:41 UTC, Quanah Gibson-Mount

Description Matus Honek 2018-08-21 15:23:00 UTC
Full_Name: Matus Honek
Version: 2.4.46
OS: Fedora 28
URL: ftp://ftp.openldap.org/incoming/Matus-Honek-180821.patch
Submission from: (NULL) (213.175.37.10)


When SSL3 is disabled by default in OpenSSL (SSL_OP_NO_SSLv3 is set by
default, as in recent Fedora distributions), then with the current code in
OpenLDAP it is not possible to have it re-enabled using the TLS_PROTOCOL_MIN
configuration option.

The attached patch explicitly clears the SSL_OP_NO_SSLv3 option when
TLS_PROTOCOL_MIN is set so that SSL3 should be enabled. Feel free to use it; I
believe IPR should not be necessary for a one liner.

However, in the future when more protocols are disabled by default (possibly
soon for TLS1.0 and TLS1.1), similar fixes will be needed for those as well. Or,
it may be decided not to support the protocols that are disabled by default, but
in that case a log message should probably be issued once a user tries to enable
a protocol that is disabled by default.
Comment 1 Quanah Gibson-Mount 2020-03-23 20:41:21 UTC
Created attachment 687
Matus-Honek-2018-08-21.patch
Comment 3 Quanah Gibson-Mount 2021-02-26 20:13:35 UTC
Commits:
  • 1cb4d2f0 by Matus Honek at 2021-02-26T18:30:38+00:00
ITS#8904 - Ensure SSLv3 is enabled when necessary

Either at compilation time, or as a system-wide configuration, OpenSSL
may have disabled SSLv3 protocol by default. This change ensures the
protocol NO flag is cleared when necessary, hence allowing for the
protocol to be used.
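The option handling that the report and the commit message describe, as an added worked example in C that is not the OpenLDAP patch or OpenSSL's code: it models how TLS_PROTOCOL_MIN is mapped onto OpenSSL's SSL_OP_NO_* bits before and after the fix, and generalises the clearing step to TLS1.0/1.1/1.2 as the report anticipates. The OP_NO_* values, the enum and the function names are stand-ins defined for this example so it compiles without libssl; they are not OpenSSL's or OpenLDAP's identifiers.

```c
/* Added example, not OpenLDAP's tls_o.c: models how TLS_PROTOCOL_MIN maps
 * onto OpenSSL's SSL_OP_NO_* bits and why the pre-fix code could not undo a
 * NO flag OpenSSL set by default. The OP_NO_* values are local stand-ins so
 * this compiles without libssl; they are not OpenSSL's real constants. */
#include <stdint.h>
#include <stdio.h>
#define OP_NO_SSLv3   (1u << 0)
#define OP_NO_TLSv1   (1u << 1)
#define OP_NO_TLSv1_1 (1u << 2)
#define OP_NO_TLSv1_2 (1u << 3)

/* protocol versions ranked as OpenLDAP orders them: SSL3 < TLS1.0 < ... */
enum proto { PROTO_SSL3, PROTO_TLS1_0, PROTO_TLS1_1, PROTO_TLS1_2, PROTO_COUNT };
static const uint32_t no_flag[PROTO_COUNT] = {
    OP_NO_SSLv3, OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2
};

/* Pre-fix: SSL_CTX_set_options() can only OR bits in, so protocols below the
 * minimum get their NO flag set and a NO flag pre-set by default is never cleared. */
uint32_t apply_min_before_fix(uint32_t ctx_opts, enum proto min)
{
    for (int p = PROTO_SSL3; p < (int)min; p++)
        ctx_opts |= no_flag[p];          /* SSL_CTX_set_options() */
    return ctx_opts;
}

/* Post-fix (ITS#8904): also clear the NO flag of the protocol configured as the
 * minimum, so the configured floor is honoured even when OpenSSL's default
 * disabled it. Generalised here to all four protocols. */
uint32_t apply_min_after_fix(uint32_t ctx_opts, enum proto min)
{
    ctx_opts = apply_min_before_fix(ctx_opts, min);
    return ctx_opts & ~no_flag[min];     /* SSL_CTX_clear_options() */
}

/* 1 if protocol p may be negotiated under this option mask, else 0 */
int proto_enabled(uint32_t ctx_opts, enum proto p)
{
    return (ctx_opts & no_flag[p]) == 0;
}

int main(void)
{
    uint32_t distro_default = OP_NO_SSLv3;   /* constructed: SSLv3 off by default */
    printf("SSL3 usable with TLS_PROTOCOL_MIN 3.0: before fix %d, after fix %d\n",
           proto_enabled(apply_min_before_fix(distro_default, PROTO_SSL3), PROTO_SSL3),
           proto_enabled(apply_min_after_fix(distro_default, PROTO_SSL3), PROTO_SSL3));
    return 0;
}
```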