Hi
I suspect your (RHEL's) openldap is not using OpenSSL (check with ldd), but gnutls instead.
Maybe
https://www.gnutls.org/manual/html_node/Priority-Strings.html
And
http://myatus.com/p/quick-note-disable-sslv3-openldap-gnutls/
Might give you some hints?
If you're using RHEL, then you should have a support contract, so you could also ask Red Hat?
Best, Kevin
On 30 Sep 2016, at 05:24, Gaurav Swami swamigaurav90@gmail.com wrote:
Hello,
I have Red Hat 6, where I am trying to disable the TLSv1.0 protocol. I have tried the configuration below.
RHEL6
[root@ldap1 ~]# rpm -qa | grep -we openldap -we openssl -we nss
krb5-pkinit-openssl-1.10.3-10.el6_4.6.x86_64
openldap-servers-2.4.40-12.el6.x86_64
nss-util-3.21.0-2.el6.x86_64
nss-3.21.0-8.el6.x86_64
openssl-devel-1.0.1e-48.el6_8.1.x86_64
openssl-1.0.1e-48.el6_8.1.x86_64
openldap-clients-2.4.40-12.el6.x86_64
nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64
nss-sysinit-3.21.0-8.el6.x86_64
nss-tools-3.21.0-8.el6.x86_64
openldap-2.4.40-12.el6.x86_64
nss-softokn-3.14.3-23.3.el6_8.x86_64
RHEL6 Configuration
TLSProtocolMin 3.2
TLSCipherSuite HIGH
But still, when I ran a third-party tool to check the offered protocols, I am getting:
--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered
--> Testing ~standard cipher lists
TLSv1.0 is still offered; I want to disable TLSv1.0 also.
Any suggestions?
-- Thanks & Regards, *Gaurav Swami*
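
Added example, not part of either message and not OpenLDAP or Red Hat code: a shell sketch of the two checks discussed in this thread, identifying the TLS library from `ldd` output and comparing a scan report against the configured TLSProtocolMin (3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2). The function names are hypothetical and the sample inputs are constructed; it goes slightly beyond the reply by also recognising NSS, since the package list in the question includes nss packages.

```shell
# Added example; the sample inputs are constructed, not captured from a host.

# tls_backend: read `ldd` output for slapd on stdin, print the TLS libraries linked.
tls_backend() {
    awk '/libssl\.so/              { o = 1 }
         /libgnutls\.so/           { g = 1 }
         /libssl3\.so|libnss3\.so/ { n = 1 }
         END { s = ""
               if (o) s = s " openssl"
               if (g) s = s " gnutls"
               if (n) s = s " nss"
               print (s == "" ? "unknown" : substr(s, 2)) }'
}

# proto_version: map a scanner label to the major.minor form TLSProtocolMin uses.
proto_version() {
    case "$1" in
        "SSLv2")   echo 2.0 ;;
        "SSLv3")   echo 3.0 ;;
        "TLS 1")   echo 3.1 ;;
        "TLS 1.1") echo 3.2 ;;
        "TLS 1.2") echo 3.3 ;;
        *)         return 1 ;;
    esac
}

# below_minimum MIN: read scan lines on stdin; print every protocol that is
# offered even though it is older than MIN (for example 3.2).
below_minimum() {
    min=$1
    case "$min" in *.*) ;; *) min="$min.0" ;; esac
    while IFS= read -r line; do
        case "$line" in *"not offered"*) continue ;; *" offered"*) ;; *) continue ;; esac
        label=$(printf '%s\n' "${line%% offered*}" | sed 's/^[[:space:]]*//')
        ver=$(proto_version "$label") || continue
        # Single-digit major and minor, so 3.1 -> 31 compares correctly.
        if [ "$(echo "$ver" | tr -d .)" -lt "$(echo "$min" | tr -d .)" ]; then
            printf '%s\n' "$label"
        fi
    done
}

# Constructed scan result in the same shape as the report quoted in the thread.
sample_scan() {
    printf '%s\n' "SSLv2 not offered (OK)" "SSLv3 not offered (OK)" \
        "TLS 1 offered" "TLS 1.1 offered" "TLS 1.2 offered (OK)" "SPDY/NPN not offered"
}

sample_scan | below_minimum 3.2   # protocols that violate TLSProtocolMin 3.2
```

On a real host, feed `tls_backend` the `ldd` output for the installed slapd binary and feed `below_minimum` the protocol section of the scanner report.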