Hello,

Thank you very much for the tip. I was definitely not looking in that direction. I have managed to configure openssl so that lower ssl works (until our legacy app is updated). What I did is to add at the top of /etc/ssl/openssl.cnf:
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# MinProtocol = TLSv1.2
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
I’m not sure if it is not a bit too complex, but it works.
Thanks again for your help.
f.g.
On 23 Feb 2022 at 18:10, Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Wednesday, February 23, 2022 6:07 PM +0100 Frédéric Goudal frederic.goudal@bordeaux-inp.fr wrote:
It works, I show you:
against 2.4.0 openldap server
nmap --script ssl-enum-ciphers -p 636 <oldldap>
So… it still does not work. What can I do?
It would appear the provider of the OpenSSL libraries disabled anything less than TLSv1.2.
--Quanah
— Frédéric Goudal, Systems Engineer, DSI Bordeaux-INP +33 556 84 23 11