Christian Rößner wrote:
> I use OpenLDAP with Postfix. Today I tried to make OpenLDAP more secure by
> requiring TLSv1.2. At this point Postfix stopped working.

I set TLSProtocolMin 3.3 (requires TLS 1.2) in my slapd.conf and ldap table of
postfix 2.11.7 still works (both running on openSUSE Factory:ARM on rpi1b).

> I miss something like tls_protocols in ldap_table(5)
> 
> It would be nice to add this feature.

Since this would be a client side option it would IMHO not help with the interop
issue you experienced before.

Note that the TLS interop of ldap table is influenced by the various build(s) of
libldap and crypto libs on your OS platform(s). Which one? If it's Debian then
note that libldap is linked against GnuTLS which has caused some trouble for
others in the past.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to