Full_Name: Matus Honek
Version: 2.4.46
OS: Fedora 28
URL: ftp://ftp.openldap.org/incoming/Matus-Honek-180821.patch
Submission from: (NULL) (213.175.37.10)

When SSL3 is disabled by default in OpenSSL (SSL_OP_NO_SSLv3 is set by default, as in recent Fedora distributions), then with the current code in OpenLDAP it is not possible to have it re-enabled using the TLS_PROTOCOL_MIN configuration option.
The attached patch explicitly clears the SSL_OP_NO_SSLv3 option when TLS_PROTOCOL_MIN is set so that SSL3 should be enabled. Feel free to use it; I believe IPR should not be necessary for a one-liner.
However, in the future, when more protocols are disabled by default (possibly soon for TLS1.0 and TLS1.1), similar fixes will be needed for those as well. Or it may be decided not to support the protocols that are disabled by default, but in that case a log message should probably be issued once a user tries to enable a protocol that is disabled by default.
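
The behaviour reported above, as an added example that is not part of the submission and not OpenLDAP's or OpenSSL's code: a self-contained C model of the option bitmask, comparing set-only handling of a protocol minimum with a clear-then-set variant. It goes beyond the one-line patch by covering every protocol at or above the minimum and by reporting which default-disabled protocols were re-enabled so the caller can log them; the `NO_*` bits, the `PROTO_*` levels and the function names are hypothetical stand-ins for the `SSL_OP_NO_*` options.

```c
#include <stdio.h>

/* Hypothetical stand-ins for OpenSSL's SSL_OP_NO_* bits (values constructed). */
enum { NO_SSL3 = 1u << 0, NO_TLS1_0 = 1u << 1, NO_TLS1_1 = 1u << 2, NO_TLS1_2 = 1u << 3 };
/* Protocol levels, oldest first; the level doubles as the index into no_bit[]. */
enum { PROTO_SSL3, PROTO_TLS1_0, PROTO_TLS1_1, PROTO_TLS1_2, PROTO_COUNT };
static const unsigned no_bit[PROTO_COUNT] = { NO_SSL3, NO_TLS1_0, NO_TLS1_1, NO_TLS1_2 };

int proto_enabled(unsigned opts, int proto)
{
    return (opts & no_bit[proto]) == 0;
}

/* Set-only handling: disables everything below min, but never clears a
 * NO_* bit the library already set by default. */
unsigned apply_min_set_only(unsigned opts, int min)
{
    for (int p = 0; p < min; p++)
        opts |= no_bit[p];
    return opts;
}

/* Clear-then-set handling: protocols below min are disabled, protocols at or
 * above min have their NO_* bit cleared. *reenabled receives the bits that
 * were disabled on entry and are now enabled, so the caller can log them. */
unsigned apply_min_clear_and_set(unsigned opts, int min, unsigned *reenabled)
{
    *reenabled = 0;
    for (int p = 0; p < PROTO_COUNT; p++) {
        if (p < min) {
            opts |= no_bit[p];
        } else {
            *reenabled |= opts & no_bit[p];
            opts &= ~no_bit[p];
        }
    }
    return opts;
}

int main(void)
{
    unsigned defaults = NO_SSL3;   /* constructed: library disables SSL3 by default */
    unsigned reenabled;
    unsigned a = apply_min_set_only(defaults, PROTO_SSL3);
    unsigned b = apply_min_clear_and_set(defaults, PROTO_SSL3, &reenabled);
    printf("set-only:       SSL3 enabled = %d\n", proto_enabled(a, PROTO_SSL3));
    printf("clear-then-set: SSL3 enabled = %d\n", proto_enabled(b, PROTO_SSL3));
    if (reenabled)
        printf("warning: re-enabled default-disabled protocols, mask 0x%x\n", reenabled);
    return 0;
}
```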