https://bugs.openldap.org/show_bug.cgi?id=9562
Issue ID: 9562
Summary: Unable to setup TLS1.3
Product: OpenLDAP
Version: 2.4.45
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: santhu227@gmail.com
Target Milestone: ---

How can we enable TLS1.3 on OpenLDAP for Ubuntu 18.04.5 LTS?

Package details:

OS
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"

OpenSSL 1.1.1g 21 Apr 2020.

grep -R olcTLS /etc/ldap/slapd.d/
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCRLCheck: none
/etc/ldap/slapd.d/cn=config.ldif:olcTLSProtocolMin: 3.3
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCipherSuite: NORMAL
/etc/ldap/slapd.d/cn=config.ldif:olcTLSVerifyClient: try
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCACertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/ldap/sasl2/ldap_server_new_13.key
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt

dpkg -s slapd | grep Version
Version: 2.4.45+dfsg-1ubuntu1.10

Is there any possibility to enable TLS1.3 on the slapd service (OpenLDAP server) for the above configuration?
If any package needs to be upgraded, will it be possible to upgrade or update it on Ubuntu 18.04.5?

--- Comment #1 from Howard Chu hyc@openldap.org ---
*** Issue 9563 has been marked as a duplicate of this issue. ***

Howard Chu hyc@openldap.org changed:

      What |Removed      |Added
----------------------------------------------------------------------------
     Status|UNCONFIRMED  |RESOLVED
 Resolution|---          |INVALID

--- Comment #2 from Howard Chu hyc@openldap.org ---
If your OpenLDAP was built against OpenSSL 1.1.1 then TLSv1.3 is already enabled by default. If not then you need to recompile it using OpenSSL 1.1.1. There is no OpenLDAP bug here, closing this ticket.

Quanah Gibson-Mount quanah@openldap.org changed:

      What |Removed      |Added
----------------------------------------------------------------------------
     Status|RESOLVED     |VERIFIED

--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
A few comments:

A) Debian and Ubuntu builds of OpenLDAP do not link to OpenSSL, but GnuTLS.
B) The ITS system is for bug reports, not usage questions. If you have issues with how to configure your software, I strongly advise (1) actually understanding how it was built, (2) then reading the documentation relevant to how it was built, and finally (3) contacting the openldap-technical mailing list if you still have issues understanding how to correctly configure OpenLDAP.
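
Added example, not part of the ticket or of OpenLDAP: one way to check which TLS library a slapd binary is linked against, and whether an LDAPS listener negotiates TLS 1.3. The binary path, host, port 636, the `--live` switch and the sample `ldd` lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). SLAPD_BIN, host and port are assumptions.
SLAPD_BIN=${SLAPD_BIN:-/usr/sbin/slapd}

# Constructed sample lines in the shape of `ldd` output (addresses invented).
SAMPLE_GNUTLS='	libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007f0000100000)'
SAMPLE_OPENSSL='	libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f0000200000)'

# Classify `ldd` output read on stdin: prints gnutls, openssl, both or unknown.
tls_backend() {
    out=$(cat)
    g=no; o=no
    case "$out" in *libgnutls.so*) g=yes ;; esac
    case "$out" in *libssl.so*)    o=yes ;; esac
    case "$g$o" in
        yesno)  echo gnutls ;;
        noyes)  echo openssl ;;
        yesyes) echo both ;;
        *)      echo unknown ;;
    esac
}

# Exit 0 if an LDAPS listener at $1:$2 completes a TLS 1.3-only handshake.
# Needs an OpenSSL 1.1.1+ client; a failed handshake prints "New, (NONE), ...".
probe_tls13() {
    openssl s_client -connect "$1:$2" -tls1_3 </dev/null 2>/dev/null |
        grep -q '^New, TLSv1\.3, Cipher is'
}

# Live check only when asked for: ./check.sh --live [host] [port]
if [ "${1:-}" = "--live" ]; then
    echo "backend: $(ldd "$SLAPD_BIN" | tls_backend)"
    if probe_tls13 "${2:-localhost}" "${3:-636}"; then
        echo "TLS 1.3 negotiated"
    else
        echo "TLS 1.3 not negotiated"
    fi
fi
```

If the backend is reported as gnutls, the TLS versions slapd can offer depend on the installed GnuTLS rather than on the version printed by `openssl version`, and `olcTLSCipherSuite` takes a GnuTLS priority string such as the `NORMAL` value in the configuration above.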