Hi all,
What are the best settings to enforce TLS 1.2 on the OpenLDAP server side
(openldap-2.4.44-1.el6)?
I made the change below:
From:
olcTLSProtocolMin: 0.0
To:
olcTLSProtocolMin: 3.3
However, TLS 1.0 still shows up in a lot of the packets in tcpdump:
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 70
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 66
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suites Length: 20
            Cipher Suites (10 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 5
            Extension: renegotiation_info
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 1704
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 77
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 32
            Session ID: 39c37acec27b5f497c3bf4a4c694c4a9cc03ed6371e0fee0...
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 1499
            Certificates Length: 1496
            Certificates (1496 bytes)
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 112
            Certificate types count: 3
            Certificate types (3 types)
            Distinguished Names Length: 106
            Distinguished Names (106 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
Thanks,
Steve
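An added example, not part of Steve's post or of OpenLDAP: a small parser for the version fields of a TLS ClientHello and ServerHello, run over sample messages constructed in the script rather than over the capture above. It shows where the versions live. The record-layer version of a ClientHello is a compatibility value and is commonly 0x0301 even when the client offers TLS 1.2 in ClientHello.client_version (or lists TLS 1.3 in the supported_versions extension), so a "TLSv1 Record Layer" line on its own does not prove TLS 1.0 was used. The version a connection actually negotiated is ServerHello.server_version (or the server's supported_versions value for TLS 1.3). In the trace above both the ClientHello handshake version and the ServerHello version are 0x0301, so that particular exchange did negotiate TLS 1.0. The helper meets_protocol_min compares the negotiated version against a minimum written in slapd's olcTLSProtocolMin notation, where the two numbers are the protocol's major and minor version bytes (3.1 = TLS 1.0, 3.3 = TLS 1.2). All function names are this example's own.

```python
"""Version fields of TLS ClientHello / ServerHello records (added example).

Sample messages are constructed below; they are not taken from the capture.
"""
import struct

VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE = 22
CLIENT_HELLO, SERVER_HELLO = 1, 2
EXT_SUPPORTED_VERSIONS = 43


def _extensions(body: bytes, pos: int) -> dict:
    """Return {ext_type: ext_data} for the optional extensions block."""
    exts = {}
    if pos + 2 > len(body):          # no extensions block present
        return exts
    (total,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    end = pos + total
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts


def parse_hello(record: bytes) -> dict:
    """Split one Handshake record into its version-relevant fields."""
    ctype, rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a Handshake record")
    hs = record[5:5 + rec_len]
    hs_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    (hello_version,) = struct.unpack("!H", body[:2])   # client_version / server_version
    pos = 2 + 32                      # skip Random
    pos += 1 + body[pos]              # skip session_id
    if hs_type == CLIENT_HELLO:
        (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2 + cs_len             # skip cipher_suites
        pos += 1 + body[pos]          # skip compression_methods
    elif hs_type == SERVER_HELLO:
        pos += 2 + 1                  # skip cipher_suite + compression_method
    else:
        raise ValueError("not a ClientHello or ServerHello")
    exts = _extensions(body, pos)
    out = {"record_version": rec_version, "handshake_type": hs_type,
           "hello_version": hello_version}
    sv = exts.get(EXT_SUPPORTED_VERSIONS)
    if sv is not None:
        if hs_type == CLIENT_HELLO:   # 1-byte list length, then 2-byte versions
            out["supported_versions"] = [struct.unpack("!H", sv[i:i + 2])[0]
                                         for i in range(1, 1 + sv[0], 2)]
        else:                         # ServerHello carries one selected version
            out["supported_versions"] = [struct.unpack("!H", sv)[0]]
    return out


def negotiated_version(server_hello: dict) -> int:
    """TLS 1.3 signals itself via supported_versions; older versions via server_version."""
    return server_hello.get("supported_versions", [server_hello["hello_version"]])[0]


def meets_protocol_min(server_hello: bytes, protocol_min: str) -> bool:
    """protocol_min uses slapd's olcTLSProtocolMin notation, e.g. '3.3' for TLS 1.2."""
    major, minor = (int(x) for x in protocol_min.split("."))
    return negotiated_version(parse_hello(server_hello)) >= (major << 8 | minor)


# --- constructed sample messages (hypothetical, not from the capture) ---
def build_client_hello(record_version, client_version, supported=()):
    exts = b""
    if supported:
        lst = b"".join(struct.pack("!H", v) for v in supported)
        exts = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, len(lst) + 1, len(lst)) + lst
    body = (struct.pack("!H", client_version) + b"\x00" * 32 + b"\x00"   # zero Random, empty session_id
            + struct.pack("!H", 2) + b"\x00\x2f"                           # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)          # null compression, extensions
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, record_version, len(hs)) + hs


def build_server_hello(record_version, server_version, selected=None):
    exts = b""
    if selected is not None:
        exts = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected)
    body = (struct.pack("!H", server_version) + b"\x00" * 32 + b"\x00"
            + b"\x00\x2f" + b"\x00" + struct.pack("!H", len(exts)) + exts)
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, record_version, len(hs)) + hs


if __name__ == "__main__":
    # A TLS 1.2 client commonly sends record version 0x0301 with client_version 0x0303.
    ch = parse_hello(build_client_hello(0x0301, 0x0303))
    print("ClientHello record layer %s, offers %s"
          % (VERSION_NAMES[ch["record_version"]], VERSION_NAMES[ch["hello_version"]]))
    # What olcTLSProtocolMin governs is what the server ends up selecting.
    for sh in (build_server_hello(0x0301, 0x0301), build_server_hello(0x0303, 0x0303)):
        v = negotiated_version(parse_hello(sh))
        print("ServerHello negotiated %s, meets 3.3: %s"
              % (VERSION_NAMES[v], meets_protocol_min(sh, "3.3")))
```

To check a real capture, hand parse_hello the raw bytes of a single TLS record (for instance the ServerHello record exported from Wireshark or cut out of `tcpdump -X` output) and look at the negotiated version, not at the record-layer line. If slapd keeps answering with server_version 0x0301 after the olcTLSProtocolMin change, that is the field to chase down, and it is worth confirming that the captured connections are ones slapd is serving rather than ones it is opening as a client.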