nanmor@126.com wrote:
Full_Name: Nancy Mo
Version: openldap-clients-2.4.44-15.el7_5.x86_64
OS: Redhat 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (106.38.0.87)

Hi team,
The Linux server is redhat7, and has Openssl-1.1.1 installed, which supports TLS1.3. I tried to connect to an LDAP server which uses TLS1.3, and the openldap client connection failed; if the server setting is changed to TLS 1.2, it can connect successfully. By the way, using openssl s_client -connect HOSTNAME.com:636, it will use TLS 1.3 and connect successfully. In the ldap.conf, I have set two parameters:

TLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT never

Why can the openldap client not use TLS1.3?

RedHat builds their OpenLDAP packages with MozillaNSS, not OpenSSL.
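
The reply turns on which TLS library the LDAP client is linked against, which a successful `openssl s_client` run does not tell you. As an added example (not part of the original thread), this shell function classifies `ldd` output for the client binary; the function names are hypothetical and the sample `ldd` lines are constructed.

```shell
#!/bin/sh
# Classify the TLS library a binary is linked against, reading `ldd` output on stdin.
# NSS ships its TLS code as libssl3.so, which is easy to mistake for OpenSSL's
# libssl.so.N; the patterns below keep the two apart.
classify_tls_backend() {
    awk '
        /libssl3\.so/ || /libnss3\.so/ { nss = 1 }
        /libssl\.so/                   { openssl = 1 }
        /libgnutls\.so/                { gnutls = 1 }
        END {
            out = ""
            if (nss)     out = out "MozNSS "
            if (openssl) out = out "OpenSSL "
            if (gnutls)  out = out "GnuTLS "
            if (out == "") out = "unknown "
            sub(/ $/, "", out)
            print out
        }'
}

# Run against a real binary, e.g.: tls_backend_of "$(command -v ldapsearch)"
tls_backend_of() {
    ldd "$1" | classify_tls_backend
}

# Constructed sample: ldd lines for a client built against Mozilla NSS.
sample_ldd_nss() {
    cat <<'EOF'
	libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f0000001000)
	libssl3.so => /lib64/libssl3.so (0x00007f0000002000)
	libnss3.so => /lib64/libnss3.so (0x00007f0000003000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0000004000)
EOF
}

# Constructed sample: ldd lines for a client built against OpenSSL.
sample_ldd_openssl() {
    cat <<'EOF'
	libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f0000001000)
	libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x00007f0000002000)
	libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f0000003000)
EOF
}

# Classify a binary given as the first argument, if one was supplied.
if [ -n "${1:-}" ]; then tls_backend_of "$1"; fi
```

If the result is not `OpenSSL`, the OpenSSL version installed on the host has no bearing on which TLS versions the LDAP client can negotiate.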