At Wed, 22 Oct 2014 16:54:24 -0500, Peter Boguszewski wrote:
Thanks for the quick response. I was also messing with the olcTLSProtocolMin settings and seeing similar issues (which are now verified by your answer). It appears as though RHEL 6.x does not support TLS1.1 or TLS1.2 with the yum-installed packages.
OpenLDAP in RHEL 6.x is version 2.4.23, which has a bug, ITS#7645 (see http://www.openldap.org/its/index.cgi?findid=7645).
You must set olcTLSProtocolMin to 769 instead of 3.1 for OpenLDAP 2.4.35 and older.
Cipher suites are not protocol versions. To configure slapd to only negotiate TLSv1.0 and higher use "olcTLSProtocolMin: 3.1", as documented in slapd-config(5).
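
The version-dependent setting discussed in this thread, as an added example that is not part of the original messages: a small shell helper that emits the `cn=config` change with `769` for OpenLDAP 2.4.35 and older and `3.1` otherwise. The function names are hypothetical, the newer version string is a constructed sample, and only the 3.1/769 pair comes from the thread; treating 769 as major*256+minor (0x0301) for other protocol floors is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenLDAP.

# Turn "2.4.23" (or "2.4.23-26.el6") into a comparable integer.
ver_num() {
    v=${1%%[!0-9.]*}            # drop any package suffix after the version
    old_ifs=$IFS; IFS=.
    set -- $v                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Decimal form of a dotted protocol floor: 3.1 -> 3*256+1 = 769.
# Assumption: the same encoding holds for floors other than 3.1.
proto_decimal() {
    echo $(( ${1%%.*} * 256 + ${1#*.} ))
}

# $1 = slapd version, $2 = protocol floor in dotted form (e.g. 3.1).
# 2.4.35 and older need the decimal value (ITS#7645); newer take "3.1".
tls_min_value() {
    if [ "$(ver_num "$1")" -le "$(ver_num 2.4.35)" ]; then
        proto_decimal "$2"
    else
        echo "$2"
    fi
}

# LDIF for ldapmodify against the cn=config backend.
tls_min_ldif() {
    printf 'dn: cn=config\nchangetype: modify\n'
    printf 'replace: olcTLSProtocolMin\n'
    printf 'olcTLSProtocolMin: %s\n' "$(tls_min_value "$1" "$2")"
}

# 2.4.23 is the RHEL 6.x version named in the thread; 2.4.40 is a
# constructed sample of a release newer than 2.4.35.
for slapd_version in 2.4.23 2.4.40; do
    echo "# slapd $slapd_version"
    tls_min_ldif "$slapd_version" 3.1
    echo
done
```

The LDIF printed for the matching version can be piped to `ldapmodify -Y EXTERNAL -H ldapi:///` on the server.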