Re: Locking down ciphers in OpenLDAP with GnuTLS
On 2/7/19 5:50 PM, Philip Colmer wrote:
I want to restrict the cipher suites used in OpenLDAP so that only
TLS1.2 is supported.
Looking at https://openldap.org/doc/admin24/tls.html, I first tried
setting olcTLSCipherSuite to "HIGH" but the LDAP server gave an error 80
and then stopped accepted further connections until I restarted it.
Attribute 'olcTLSCipherSuite' is for setting the cipher suites.
You should rather set
olcTLSProtocolMin: 3.3
Ciao, Michael.
Attachments:
- smime.p7s (application/pkcs7-signature — 3.9 KB)