--On Friday, June 3, 2022 9:02 PM +0000 [email protected] wrote:
Hi all - As part of routine security remediation my company asked me to
remove the support for older TLS versions from my LDAP server. To this
effect I restarted the service after running the following:

sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -a -f olcTLSProtocolMin.ldif

Here is the content of olcTLSProtocolMin.ldif:

dn: cn=config
changetype: modify
add: olcTLSProtocolMin
olcTLSProtocolMin: 3.3

Hello,

You've not specified which TLS library the slapd you are using is linked
to. As documented in the slapd.conf(5) and slapd-config(5) man pages,
setting a minimum protocol version only works with slapd binaries that are
linked to OpenSSL. If the deployment is linked to some other SSL library
it is not possible to use this setting to limit the TLS protocol version.
It may be possible via other methods if the slapd binary is linked to
GnuTLS; I strongly advise reading the man pages for further information.

Regards,
Quanah
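
A way to check both points raised in the reply above, as an added example that is not part of the original thread: which TLS library slapd appears to be linked to, and whether the listener still accepts TLS 1.0/1.1 after the change. The function names, the constructed `ldd` sample and the LDAPS `host:port` argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and
# the sample data below is constructed.

# Guess the TLS library from `ldd` output on stdin. Heuristic only: ldd also
# lists indirect dependencies, so seeing both libraries is "ambiguous".
tls_backend_from_ldd() {
    awk '/libssl\.so/    { o = 1 }
         /libgnutls\.so/ { g = 1 }
         END { if (o && g) print "ambiguous"
               else if (o) print "openssl"
               else if (g) print "gnutls"
               else        print "unknown" }'
}

# Constructed ldd output for illustration (paths and addresses are made up).
SAMPLE_LDD='    libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007f0000100000)
    libgnutls.so.30 => /usr/lib/libgnutls.so.30 (0x00007f0000200000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000300000)'

# Exit 0 if the server completes a handshake at exactly this version.
# $1 = host:port (LDAPS assumed), $2 = s_client flag such as -tls1_1.
# SECLEVEL=0 stops a modern client from refusing old versions itself,
# which would otherwise be mistaken for a server-side rejection.
handshake_ok() {
    openssl s_client -connect "$1" "$2" -cipher 'DEFAULT:@SECLEVEL=0' \
        </dev/null >/dev/null 2>&1
}

# Report whether olcTLSProtocolMin: 3.3 (TLS 1.2) is actually enforced.
# $1 = host:port, $2 = optional path to the slapd binary.
check_slapd_tls() {
    slapd_bin=${2:-$(command -v slapd)}
    echo "slapd TLS library: $(ldd "$slapd_bin" 2>/dev/null | tls_backend_from_ldd)"
    for v in -tls1 -tls1_1; do
        if handshake_ok "$1" "$v"; then
            echo "$v: ACCEPTED (minimum not enforced)"
        else
            echo "$v: rejected"
        fi
    done
    handshake_ok "$1" -tls1_2 && echo "-tls1_2: accepted" \
        || echo "-tls1_2: FAILED (check that the listener is reachable)"
}
```

Run it as `check_slapd_tls ldap.example.com:636 /usr/sbin/slapd` (placeholder host). An `openssl` client built without TLS 1.0/1.1 support will also report "rejected", so confirm the client can negotiate those versions before trusting the result.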