Le 22 févr. 2022 à 17:48, Quanah Gibson-Mount quanah@fast-mail.org a écrit : --On Tuesday, February 22, 2022 9:45 AM +0100 Frédéric Goudal frederic.goudal@bordeaux-inp.fr wrote:
Hello,
For a legacy application we need to drop the ssl version available on our openldap server.
Currently it supports TLSv1.2, checked with nmap --script ssl-enum-ciphers -p 636 host
What ever value I put on olcTLSProtocolmin the ssl version does not change… I have tried 3.0 3.1 3.2…
What do I miss ? Or is it a feature ?
What SSL library is your OpenLDAP linked to?
From what I see in config.status D["HAVE_OPENSSL_SSL_H"]=" 1" D["HAVE_OPENSSL"]=" 1"
ii libssl-dev:amd64 1.1.1f-1ubuntu2.9 amd64 Secure Sockets Layer toolkit - development files ii libssl1.1:amd64 1.1.1f-1ubuntu2.9 amd64 Secure Sockets Layer toolkit - shared libraries
f.g.
— Frédéric Goudal Ingénieur Système, DSI Bordeaux-INP +33 556 84 23 11