--On Friday, June 3, 2022 9:02 PM +0000 juan@quantifind.com wrote:
Hi all - As part of routine security remediation, my company asked me to remove support for older TLS versions from my LDAP server. To this effect, I restarted the service after running the following:
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -a -f olcTLSProtocolMin.ldif
Here is the content of olcTLSProtocolMin.ldif
dn: cn=config
changetype: modify
add: olcTLSProtocolMin
olcTLSProtocolMin: 3.3
Hello,
You've not specified which TLS library the slapd you are using is linked to. As documented in the slapd.conf(5) and slapd-config(5) man pages, setting a minimum protocol version only works with slapd binaries that are linked to OpenSSL. If the deployment is linked to some other SSL library, it is not possible to use this setting to limit the TLS protocol version. It may be possible via other methods if the slapd binary is linked to GnuTLS; I strongly advise reading the man pages for further information.
Regards, Quanah
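The two checks a practitioner would want after reading this exchange, as an added example that is not part of the thread and not OpenLDAP project code: first, find out which TLS library the slapd binary is actually linked against (the question Quanah asks), and second, verify from the outside which protocol versions the server still accepts rather than trusting that the olcTLSProtocolMin change took effect. The script assumes `ldd` and an `openssl` binary are available, that the server offers ldaps on port 636, and that the version numbering follows slapd-config(5), where 3.1 is TLS 1.0, 3.2 is TLS 1.1, 3.3 is TLS 1.2 and 3.4 is TLS 1.3; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original thread or the OpenLDAP project.
# Assumes: ldd(1) and openssl(1) are present; ldaps is served on 636.

# tls_lib_from_ldd: read ldd output on stdin and print which TLS library
# the binary links: "gnutls", "openssl" or "unknown". GnuTLS is checked
# first because a GnuTLS-linked slapd may still pull in libcrypto
# transitively via other libraries.
tls_lib_from_ldd() {
    out=$(cat)
    case "$out" in
        *libgnutls.so*) echo gnutls ;;
        *libssl.so*)    echo openssl ;;
        *)              echo unknown ;;
    esac
}

# protocol_min_name: translate an olcTLSProtocolMin value into the TLS
# version name it selects (mapping as documented in slapd-config(5)).
protocol_min_name() {
    case "$1" in
        3.0) echo "SSL 3.0" ;;
        3.1) echo "TLS 1.0" ;;
        3.2) echo "TLS 1.1" ;;
        3.3) echo "TLS 1.2" ;;
        3.4) echo "TLS 1.3" ;;
        *)   echo "unknown" ;;
    esac
}

# olc_setting_applies: olcTLSProtocolMin is only honoured by an
# OpenSSL-linked slapd; print "yes" or "no" for a library name.
olc_setting_applies() {
    case "$1" in
        openssl) echo yes ;;
        *)       echo no ;;
    esac
}

# probe_ldaps: attempt one handshake per protocol version against
# host:port and report which the server accepts. Caveat: a distribution
# openssl built without TLS 1.0/1.1 support also fails those handshakes,
# so check `openssl s_client -help` before reading "refused" as a server
# decision. For STARTTLS on 389, add "-starttls ldap" (OpenSSL 1.1.1+).
probe_ldaps() {
    host=$1
    port=${2:-636}
    for v in tls1 tls1_1 tls1_2 tls1_3; do
        if openssl s_client -connect "$host:$port" "-$v" </dev/null >/dev/null 2>&1; then
            echo "$v: accepted"
        else
            echo "$v: refused (or unsupported by this openssl build)"
        fi
    done
}

# Command-line entry points; with no arguments the script only defines
# the functions above.
case "${1:-}" in
    lib)
        lib=$(ldd "$(command -v slapd)" | tls_lib_from_ldd)
        echo "slapd links: $lib; olcTLSProtocolMin applies: $(olc_setting_applies "$lib")"
        ;;
    probe)
        probe_ldaps "${2:?usage: $0 probe HOST [PORT]}" "${3:-636}"
        ;;
esac
```

Run `sh check-slapd-tls.sh lib` on the LDAP host to settle the library question, then `sh check-slapd-tls.sh probe ldap.example.com` from a client to see which versions actually complete a handshake; if the `lib` check prints gnutls, the olcTLSProtocolMin entry in the thread is silently ignored and the probe will show the older versions still accepted.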