At Wed, 22 Oct 2014 16:54:24 -0500,
Peter Boguszewski wrote:
> Thanks for the quick response. I was also messing with the olcTLSProtocolMin
> settings and seeing similar issues (which are now verified by your answer).
> It appears as though RHEL 6.x does not support TLS1.1 nor TLS1.2 with the yum
> installed packages.

OpenLDAP in RHEL 6.x is version 2.4.23 that has a bug, ITS#7645.
(See http://www.openldap.org/its/index.cgi?findid=7645)
You must set olcTLSProtocolMin to 769 instead of 3.1 for
OpenLDAP 2.4.35 and older.

> > Cipher suites are not protocol versions. To configure slapd to only
> > negotiate TLSv1.0 and higher use "olcTLSProtocolMin: 3.1", as documented
> > in slapd-config(5).

--
-- Name: SATOH Fumiyasu @ OSS Technology Corp. (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- GitHub Home: https://GitHub.com/fumiyas/
-- PGP Fingerprint: BBE1 A1C9 525A 292E 6729 CDEC ADC2 9DCA 5E1C CBCA
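
The rule from the reply above, as an added example that is not part of the original message: a POSIX shell helper that picks the olcTLSProtocolMin value for a given slapd version and prints the matching cn=config LDIF change. The function names are hypothetical, and reading 769 as major * 256 + minor (so that other protocol versions can be encoded) is an assumption that goes beyond the single value given in the thread.

```shell
#!/bin/sh
# Added example: choose the olcTLSProtocolMin form by slapd version.
# Page rule: OpenLDAP 2.4.35 and older (ITS#7645) need 769 instead of 3.1.

# ver_le A B: succeed when dotted version A (a.b.c) is <= B, compared numerically.
ver_le() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2                 # split both versions into six fields
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
    [ "$3" -le "$6" ]
}

# tls_min_value SLAPD_VERSION [PROTO]: print the value to store in cn=config.
# PROTO is "major.minor" as in slapd-config(5); the default 3.1 means TLSv1.0.
tls_min_value() {
    slapd_ver=$1
    proto=${2:-3.1}
    printf '%s\n' "$slapd_ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ||
        { echo "slapd version must be a.b.c, got '$slapd_ver'" >&2; return 2; }
    printf '%s\n' "$proto" | grep -Eq '^[0-9]+\.[0-9]+$' ||
        { echo "protocol must be major.minor, got '$proto'" >&2; return 2; }
    if ver_le "$slapd_ver" 2.4.35; then
        # Workaround form: integer, assumed to be major * 256 + minor (3.1 -> 769).
        echo $(( ${proto%%.*} * 256 + ${proto#*.} ))
    else
        echo "$proto"
    fi
}

# tls_min_ldif SLAPD_VERSION [PROTO]: print an LDIF modify for cn=config.
tls_min_ldif() {
    value=$(tls_min_value "$@") || return
    printf '%s\n' \
        'dn: cn=config' \
        'changetype: modify' \
        'replace: olcTLSProtocolMin' \
        "olcTLSProtocolMin: $value"
}

# RHEL 6.x case from the thread (slapd 2.4.23). Review the output, then apply
# it with, for example: ldapmodify -Y EXTERNAL -H ldapi:///
tls_min_ldif 2.4.23 3.1
```
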
