Hi, all
What are the best settings to enforce TLS 1.2 on the OpenLDAP server side (openldap-2.4.44-1.el6)?
I made the change below:
From: olcTLSProtocolMin: 0.0
To: olcTLSProtocolMin: 3.3
However, TLS 1.0 still shows up in a lot of tcpdump packets:
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 70
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 66
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suites Length: 20
            Cipher Suites (10 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 5
            Extension: renegotiation_info

Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 1704
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 77
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 32
            Session ID: 39c37acec27b5f497c3bf4a4c694c4a9cc03ed6371e0fee0...
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 1499
            Certificates Length: 1496
            Certificates (1496 bytes)
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 112
            Certificate types count: 3
            Certificate types (3 types)
            Distinguished Names Length: 106
            Distinguished Names (106 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
Thanks, Steve
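
One way to check a captured hello against the configured minimum, as an added example that is not part of the original post: olcTLSProtocolMin 3.3 corresponds to wire version 0x0303 (TLS 1.2), and the version the server selected is the handshake-level field of the Server Hello, not the record-layer version. The function names and sample bytes are constructed for illustration; TLS 1.3, which signals its version in an extension, is out of scope.

```python
import struct

# olcTLSProtocolMin 3.3 corresponds to wire version 0x0303 (TLS 1.2).
MIN_VERSION = 0x0303
NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}


def hello_versions(record: bytes):
    """Return (message, record_version, handshake_version) for one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, record_version, length = struct.unpack("!BHH", record[:5])
    if content_type != 22:
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    # Handshake header: 1-byte type, 3-byte length, then the 2-byte version.
    if len(body) < 6:
        raise ValueError("truncated handshake message")
    msg_type = body[0]
    if msg_type not in HELLO_TYPES:
        raise ValueError("first message is not a ClientHello/ServerHello")
    (handshake_version,) = struct.unpack("!H", body[4:6])
    return HELLO_TYPES[msg_type], record_version, handshake_version


def below_minimum(record: bytes, minimum: int = MIN_VERSION) -> bool:
    """True when a ServerHello selects a protocol version under `minimum`."""
    msg, _, version = hello_versions(record)
    return msg == "ServerHello" and version < minimum


def build_server_hello(record_version: int, hello_version: int) -> bytes:
    # Constructed sample, not bytes from a real capture: version, 32-byte
    # random, empty session id, cipher suite 0x002f, null compression.
    body = struct.pack("!H", hello_version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, record_version, len(handshake)) + handshake


SAMPLE_TLS10 = build_server_hello(0x0301, 0x0301)
SAMPLE_TLS12 = build_server_hello(0x0303, 0x0303)

if __name__ == "__main__":
    for sample in (SAMPLE_TLS10, SAMPLE_TLS12):
        msg, rec, ver = hello_versions(sample)
        print(msg, NAMES.get(ver, hex(ver)), "BELOW MINIMUM" if below_minimum(sample) else "ok")
```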