A dotted number is not accepted for TLSProtocolMin, e.g., TLSProtocolMin 3.0
However, it seems is should be, hence below is a patch: when looking for a number, make sure that not just the first character is a digit, but the entire string can be parsed as such.
Note: IMHO this might not be the right fix, but "it works". The right fix might be to check for ARG_INT before trying to parse it as an integer. But that's too much of a change and I'm not that familiar with the code.
Index: bconfig.c =================================================================== retrieving revision 1.3 diff -u -r1.3 bconfig.c --- bconfig.c 5 Oct 2009 16:22:10 -0000 1.3 +++ bconfig.c 7 Oct 2009 21:45:28 -0000 @@ -3626,13 +3626,8 @@ } ch_free( c->value_string ); c->cleanup = config_tls_cleanup; - if ( isdigit( (unsigned char)c->argv[1][0] ) ) { - if ( lutil_atoi( &i, c->argv[1] ) != 0 ) { - Debug(LDAP_DEBUG_ANY, "%s: " - "unable to parse %s "%s"\n", - c->log, c->argv[0], c->argv[1] ); - return 1; - } + if ( isdigit( (unsigned char)c->argv[1][0] ) && + lutil_atoi( &i, c->argv[1] ) == 0 ) { return(ldap_pvt_tls_set_option(slap_tls_ld, flag, &i)); } else { return(ldap_int_tls_config(slap_tls_ld, flag, c->argv[1]));
openldap-software@openldap.org