--On Sunday, November 14, 2021 9:36 PM +0000 "Ballem, Narayanan" Narayanan.Ballem@Staples.com wrote:
I modified the file as per the base but no luck with that. When I look at the TLS library which the slapd program uses, it looks like it's using gnutls. Do I need to configure it in a different way for GNUTLS for the TLS version in slapd?
Yes. You will need to consult the GnuTLS documentation. The slapd man page clearly states that the TLSProtocolMin option is ignored when linked to GnuTLS. I generally advise linking to OpenSSL for a number of different reasons. I believe with GnuTLS you do this via the TLSCipherSuite option to slapd. See also https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-working_with_cipher_suites_in_gnutls.
One example from Exim sets the cipher suites to: NORMAL:!VERS-SSL3.0
so that may be of help. See also the slapd.conf(5) man page section on TLSCipherSuite for the GnuTLS command line to print out relevant information.
This ticket may also be helpful: https://mod.gnutls.org/ticket/29
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
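
Added example, not part of the original message or of OpenLDAP: a small shell check for the situation discussed above, reporting when `TLSProtocolMin` is set on a GnuTLS-linked slapd and whether the `TLSCipherSuite` priority string explicitly disables the older protocol versions. The helper names `tls_backend` and `audit_tls` are hypothetical, the sample `ldd` line and configuration are constructed, and only explicit `!VERS-...` or `-VERS-...` removals are recognised.

```shell
#!/bin/sh
# Added example; tls_backend and audit_tls are hypothetical helper names.

# Print the TLS library named in `ldd` output read from stdin.
tls_backend() {
    awk '/libgnutls/ { g = 1 } /libssl/ { o = 1 }
         END { print (g ? "gnutls" : (o ? "openssl" : "unknown")) }'
}

# audit_tls BACKEND: read slapd.conf text from stdin and report whether the
# protocol-version settings take effect for that backend. Only explicit
# "!VERS-x" / "-VERS-x" removals in the priority string are recognised.
audit_tls() {
    awk -v backend="$1" '
        tolower($1) == "tlsprotocolmin" { pmin = $2 }
        tolower($1) == "tlsciphersuite" { suite = $2 }
        END {
            if (backend != "gnutls") {
                print (pmin != "" ? "ok: TLSProtocolMin " pmin " applies (non-GnuTLS build)" : "warn: no TLSProtocolMin set")
                exit
            }
            if (pmin != "") print "warn: TLSProtocolMin " pmin " is ignored with GnuTLS"
            if (suite == "") { print "warn: no TLSCipherSuite priority string set"; exit }
            n = split("VERS-SSL3.0 VERS-TLS1.0 VERS-TLS1.1", old, " ")
            for (i = 1; i <= n; i++)
                if (!index(suite, "!" old[i]) && !index(suite, "-" old[i]))
                    missing = missing " " old[i]
            if (missing == "") print "ok: SSL3.0, TLS1.0 and TLS1.1 explicitly disabled"
            else print "warn: not explicitly disabled:" missing
        }'
}

# Constructed sample inputs. Real use: ldd "$(command -v slapd)" | tls_backend
SAMPLE_LDD=' libgnutls.so.30 => /usr/lib/libgnutls.so.30 (0x00007f0000000000)'
SAMPLE_CONF='TLSProtocolMin 3.3
TLSCipherSuite NORMAL:!VERS-SSL3.0'

backend=$(printf '%s\n' "$SAMPLE_LDD" | tls_backend)
printf '%s\n' "$SAMPLE_CONF" | audit_tls "$backend"
```

To see which protocols and cipher suites a priority string permits on the installed GnuTLS, `gnutls-cli -l --priority 'STRING'` lists them.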