Hi

I suspect your (RHEL's) OpenLDAP is not using OpenSSL (check with ldd), but GnuTLS instead.

Maybe

https://www.gnutls.org/manual/html_node/Priority-Strings.html

And

http://myatus.com/p/quick-note-disable-sslv3-openldap-gnutls/

Might give you some hints?

If you're using RHEL, then you should have a support contract, so you could also ask Red Hat?

Best,
Kevin

On 30 Sep 2016, at 05:24, Gaurav Swami <swamigaurav90@gmail.com> wrote:

Hello,

I have Red Hat 6, where I am trying to disable the TLSv1.0 protocol. I have tried the below configuration:

RHEL6
-----------------------------------------
[root@ldap1 ~]# rpm -qa | grep -we openldap -we openssl -we nss
krb5-pkinit-openssl-1.10.3-10.el6_4.6.x86_64
openldap-servers-2.4.40-12.el6.x86_64
nss-util-3.21.0-2.el6.x86_64
nss-3.21.0-8.el6.x86_64
openssl-devel-1.0.1e-48.el6_8.1.x86_64
openssl-1.0.1e-48.el6_8.1.x86_64
openldap-clients-2.4.40-12.el6.x86_64
nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64
nss-sysinit-3.21.0-8.el6.x86_64
nss-tools-3.21.0-8.el6.x86_64
openldap-2.4.40-12.el6.x86_64 
nss-softokn-3.14.3-23.3.el6_8.x86_64
----------------------------------------------------------------------------

RHEL6 Configuration 

----------------------------------------
TLSProtocolMin 3.2
TLSCipherSuite  HIGH
-----------------------------------------

But still, when I ran a third-party tool to check the offered protocols, I am getting:

--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 SPDY/NPN   not offered

--> Testing ~standard cipher lists

TLSv1.0 is still offered. I want to disable TLSv1.0 also.

Any suggestions?

--
Thanks & Regards,
*Gaurav Swami*
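
A check for the mismatch reported in this thread, as an added example that is not part of either message: it reads the `TLSProtocolMin` directive as an SSL/TLS wire version (3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2) and lists the protocols the scanner output still reports as offered below that minimum. The function names are hypothetical, and the inputs are the directive and scan lines quoted above, embedded as constructed samples.

```python
import re

# SSL/TLS wire versions (major, minor), the numbering TLSProtocolMin uses.
WIRE_VERSION = {
    "SSLv2": (2, 0),
    "SSLv3": (3, 0),
    "TLS 1": (3, 1),
    "TLS 1.1": (3, 2),
    "TLS 1.2": (3, 3),
}

# Constructed samples: the directives and scanner lines quoted in the message.
SLAPD_CONF = """\
TLSProtocolMin 3.2
TLSCipherSuite  HIGH
"""
SCAN_OUTPUT = """\
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 SPDY/NPN   not offered
"""

def configured_minimum(conf_text):
    """Return TLSProtocolMin as a (major, minor) tuple, or None if unset."""
    m = re.search(r"^\s*TLSProtocolMin\s+(\d+)(?:\.(\d+))?\s*$", conf_text, re.M)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def offered_protocols(scan_text):
    """Return the SSL/TLS protocol names the scanner reports as offered."""
    offered = []
    for line in scan_text.splitlines():
        # "not offered" must be tried first so it is never read as "offered".
        m = re.match(r"\s*(SSLv[23]|TLS 1(?:\.\d)?)\s+(not offered|offered)\b", line)
        if m and m.group(2) == "offered":
            offered.append(m.group(1))
    return offered

def below_minimum(conf_text, scan_text):
    """List offered protocols older than the configured TLSProtocolMin."""
    minimum = configured_minimum(conf_text)
    if minimum is None:
        return []
    return [p for p in offered_protocols(scan_text) if WIRE_VERSION[p] < minimum]
```

A non-empty result from `below_minimum(SLAPD_CONF, SCAN_OUTPUT)` means the running server is not enforcing the directive, which is the point at which checking the linked TLS library with `ldd`, as suggested in the reply, becomes the next step.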