On 5/5/21 1:29 PM, Howard Chu wrote:
> Michael Ströder wrote:
>> TLSProtocolMin 3.3
>> TLSCipherSuite HIGH
>
> Then you're getting TLSv1.3 on these connections. Your ciphersuite config has no TLSv1.3 ciphers though; cipher suite "HIGH" only affects TLSv1.2 and below.

Ah sorry. I've wrongly implied that OpenSSL automagically chooses appropriate TLSv1.3 ciphers for HIGH.

> Change your suite config to include some actual TLSv1.3 suites and it will be fine. There's no bug here, just a change in OpenSSL behavior which is covered in their documentation. https://wiki.openssl.org/index.php/TLS1.3

Thanks for your explanations.
Your text seems worth adding here:
https://www.openldap.org/doc/admin25/guide.html#More%20extensive%20TLS%20con...
Ciao, Michael.