Hello Quanah,
Thank you for the information, & I am not sure what images were attached, sorry about that.
Thanks, Ed
-----Original Message----- From: Quanah Gibson-Mount quanah@symas.com Sent: Tuesday, April 13, 2021 2:13 PM To: CLARKE, ED C ec4397@att.com; openldap-technical@openldap.org Subject: Re: Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
--On Tuesday, April 13, 2021 7:56 PM +0000 "CLARKE, ED C" ec4397@att.com wrote:
[Image: ""]
Hi Ed,
In the future, please do not attach images to your email.
I am having trouble disabling TLS1.0 on my OpenLdap and enabling TLS 1.2 & 1.3, below are the scan results:
• Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0. • "Consult the application's documentation to disable SSL 2.0 and 3.0. • Use TLS 1.2 (with approved cipher suites) or higher instead." • "Ports found: 389 • TLSv1 is enabled and the server supports at least one cipher."
• Info for my LDAP
• $ rpm -qa | grep ldap • openldap-clients-2.4.44-21.el7_6.s390x • sssd-ldap-1.16.2-13.el7_6.12.s390x • openldap-2.4.44-21.el7_6.s390x • openldap-servers-2.4.44-21.el7_6.s390x
OpenLDAP in RHEL7 is linked to the OpenSSL 1.0.2 which does not have support for TLS1.3. So the latest version you can access with your build is TLS 1.2.
I suggest reading the slapd.conf(5) or slapd-config(5) man page, which clearly documents how to set a minimum TLS protocol for the slapd server.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <https://urldefense.com/v3/__http://www.symas.com__;!!BhdT!2Ay6kjyFewXlyTrX2v... >