https://bugs.openldap.org/show_bug.cgi?id=9563
Issue ID: 9563 Summary: OpenLDAP enable TLS1.3 Product: OpenLDAP Version: 2.4.45 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: santhu227@gmail.com Target Milestone: ---
How we can enable TLS1.3 on OopenLDAP for ubuntu 18.04.5 LTS.
Package details : OS PRETTY_NAME="Ubuntu 18.04.5 LTS" VERSION_ID="18.04"
OpenSSL 1.1.1g 21 Apr 2020.
grep -R olcTLS /etc/ldap/slapd.d/ /etc/ldap/slapd.d/cn=config.ldif:olcTLSCRLCheck: none /etc/ldap/slapd.d/cn=config.ldif:olcTLSProtocolMin: 3.4 /etc/ldap/slapd.d/cn=config.ldif:olcTLSCipherSuite: NORMAL /etc/ldap/slapd.d/cn=config.ldif:olcTLSVerifyClient: try /etc/ldap/slapd.d/cn=config.ldif:olcTLSCACertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt /etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/ldap/sasl2/ldap_server_new_13.key /etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt
dpkg -s slapd | grep Version Version: 2.4.45+dfsg-1ubuntu1.10
Is there any possibility to enable TLS1.3 on slapd service(OpenLDAP server) for above configuration.
If need to upgrade any package will it be possible to upgrade or update on Ubuntu 18.04.5.
openssl client output where openssl is not able to connecte with TLS1.3. Same will list ciphers for TLS1.2
openssl s_client -connect <host>:636 -tls1_3 CONNECTED(00000003) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 215 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---