On Thu, 1 Dec 2016, David Ward <daw...@brocade.com> wrote:
> I'm looking for a test method to restrict the level of TLS used with 
> slapd. I'm running ver 2.4.40 which supports TLS 1.2. I see the 
> undocumented command 'TLSProtocolMin' to require minimum strength. I 
> would like to disable certain version.

OpenLDAP doesn't provide any way to turn off support for the highest 
protocol version supported by the OpenSSL it is built against.  If you 
build against a modern OpenSSL, you get TLS 1.2 no matter what.  If you 
need to test client operation against a server that doesn't support TLS 
1.2 then you'll need to hack OpenLDAP to disable it, perhaps adding a 
TLSProtocolMax option to your tree.

Philip Guenther

Reply via email to