--On Wednesday, November 3, 2021 11:13 PM +0000 "Ballem, Narayanan" Narayanan.Ballem@Staples.com wrote:

Yes it just adding few CN entries to DB for active directory sync up. Not sure where is the issue then in disabling SSLv3. Do you think is 2.4.54 might not support TLSprotocolMin? I think it supports.

I did run slapd in debug mode while starting not seeing any issue TLS version.

@(#) $OpenLDAP: slapd 2.4.54 (Oct 27 2020 18:47:58)

I testing with 2.4.59 on RHEL7 linked to the RHEL7 OpenSSL libraries and could not reproduce the issue.

There are no fixes between 2.4.54 and 2.4.59 related to OpenSSL or TLS.

I would note that your TLS configuration directives are inside the database backend definition which is invalid. They are global options and should appear before any database xxxx configuration section.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com