Hi Nancy,
I'm not aware of RHEL7 shipping with OpenSSL-1.1, OpenLDAP is linked with openssl-1.0.2 there.
Anyway, please report all issues related to TLS in OpenLDAP in Red Hat products to Red Hat Support or Bugzilla, first.
Thanks! Regards. On Fri, Sep 21, 2018 at 11:21 AM nanmor@126.com wrote:
Full_Name: Nancy Mo Version: openldap-clients-2.4.44-15.el7_5.x86_64 OS: Redhat 7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (106.38.0.87)
Hi team,
Linux server is redhat7, and installed Openssl-1.1.1 which is support for TLS1.3。 I tried to connect a LDAP server which is used TLS1.3, the openldap clien=
t
connection failed, if the server setting change to TLS 1.2, it can connec=
ted
successfully。 By the way, use the openssl s_client -connect HOSTNAME.com:636, it will u=
se TLS
1.3, and connect successfully. In the ldap.conf, I have set two parameters:
TLS_CACERTDIR /etc/openldap/certs TLS_REQCERT never
Why the openldap client can not use TLS1.3?
Thanks a lot.
beat regards
nancy
--=20 Mat=C3=BA=C5=A1 Hon=C4=9Bk Software Engineer Red Hat Czech