Hello,
I am having trouble disabling TLS1.0 on my OpenLdap and enabling TLS 1.2 & 1.3, below are the scan results:
* Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
* "Consult the application's documentation to disable SSL 2.0 and 3.0.
* Use TLS 1.2 (with approved cipher suites) or higher instead."
* "Ports found: 389
* TLSv1 is enabled and the server supports at least one cipher."
* Info for my LDAP
* $ rpm -qa | grep ldap
* openldap-clients-2.4.44-21.el7_6.s390x
* sssd-ldap-1.16.2-13.el7_6.12.s390x
* openldap-2.4.44-21.el7_6.s390x
* openldap-servers-2.4.44-21.el7_6.s390x
Any help in this matter would be greatly appreciated.
Thanks, Ed
Ed Clarke
Senior Software Engineer
Operations Transformation, Real-time Automation & Predictive Insights http://mysolutions.dev.att.com/GNFO_Solutions/index.jsp "RAPID"
Certified Quality Eng. - ISO 9000/1
Six Sigma - Yellow Belt
AT&T Veterans
AT&T "ATO" 1010 Pine ST. Shared, St. Louis, MO. 63101
m 636.639.0713 | o 314.335.3158 | ec4397@att.com
--On Tuesday, April 13, 2021 7:56 PM +0000 "CLARKE, ED C" ec4397@att.com wrote:
Hi Ed,
In the future, please do not attach images to your email.
> I am having trouble disabling TLS1.0 on my OpenLdap and enabling TLS 1.2 & 1.3, below are the scan results:
> • Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
> • "Consult the application's documentation to disable SSL 2.0 and 3.0.
> • Use TLS 1.2 (with approved cipher suites) or higher instead."
> • "Ports found: 389
> • TLSv1 is enabled and the server supports at least one cipher."
> • Info for my LDAP
> • $ rpm -qa | grep ldap
> • openldap-clients-2.4.44-21.el7_6.s390x
> • sssd-ldap-1.16.2-13.el7_6.12.s390x
> • openldap-2.4.44-21.el7_6.s390x
> • openldap-servers-2.4.44-21.el7_6.s390x
OpenLDAP in RHEL7 is linked to OpenSSL 1.0.2, which does not have support for TLS 1.3. So the latest version you can access with your build is TLS 1.2.
I suggest reading the slapd.conf(5) or slapd-config(5) man page, which clearly documents how to set a minimum TLS protocol for the slapd server.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
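An illustration of the setting the reply above points to, added here and not written by anyone in the thread: slapd.conf(5) documents `TLSProtocolMin <major>[.<minor>]` (`olcTLSProtocolMin` under cn=config), where 3.(x+1) requires TLS 1.x, so 3.3 requires TLS 1.2. The function names, sample configurations and certificate paths below are constructed for this example.

```shell
#!/bin/sh
# Audit the minimum TLS protocol configured for slapd (added example).
# Value mapping per slapd.conf(5): 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2.

# Read slapd.conf text or a cn=config LDIF on stdin and print the configured
# minimum. Prints nothing when the directive is absent or commented out.
# If the directive is repeated, this script reports the last occurrence.
slapd_tls_min() {
    awk '
        { sub(/\r$/, "") }                              # tolerate CRLF files
        /^[ \t]*#/ { next }                             # skip comment lines
        tolower($1) == "tlsprotocolmin"     { v = $2 }  # slapd.conf form
        tolower($1) == "olctlsprotocolmin:" { v = $2 }  # cn=config LDIF form
        END { if (v != "") print v }
    '
}

# Exit status 0 when the configured minimum is TLS 1.2 (3.3) or higher.
# An unset or unparseable value fails the check (policy of this example).
tls_min_ok() {
    v=$(slapd_tls_min)
    case "$v" in
        3.[0-9]|3.[0-9][0-9]) [ "${v#3.}" -ge 3 ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample inputs (not taken from the poster's server).
SAMPLE_CONF='# slapd.conf fragment
TLSCertificateFile /etc/openldap/certs/ldap.crt
TLSProtocolMin 3.1'

SAMPLE_LDIF='dn: cn=config
olcTLSCertificateFile: /etc/openldap/certs/ldap.crt
olcTLSProtocolMin: 3.3'

for sample in "$SAMPLE_CONF" "$SAMPLE_LDIF"; do
    min=$(printf '%s\n' "$sample" | slapd_tls_min)
    if printf '%s\n' "$sample" | tls_min_ok; then
        echo "PASS: minimum ${min} (TLS 1.2 or higher required)"
    else
        echo "FAIL: minimum ${min:-unset} (TLS 1.0 or 1.1 may be negotiated)"
    fi
done
```

Against a live server, feed the functions the real `slapd.conf` or the output of an `ldapsearch` on `cn=config`, then re-run the scanner against port 389 to confirm TLSv1 is no longer offered.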
Hello Quanah,
Thank you for the information, & I am not sure what images were attached, sorry about that.
Thanks, Ed
-----Original Message-----
From: Quanah Gibson-Mount quanah@symas.com
Sent: Tuesday, April 13, 2021 2:13 PM
To: CLARKE, ED C ec4397@att.com; openldap-technical@openldap.org
Subject: Re: Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.