--On Thursday, March 3, 2022 9:55 AM +0100 Stefan Bauer
our security scanner reports
SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)
for port TCP/636.
I could not find a way to disable SSL/TLS renegotiation for openldap.
How can this be disabled?
I would note that both of those CVEs are disputed and "fixing" them was
rejected by Red Hat (which it appears you are using). I'd generally
question the report by the security software.
However, if you use the Symas OpenLDAP packages which will provide a
current release of OpenSSL and OpenLDAP instead of the distribution
provided packages you can set the minimum TLS supported protocol to version
1.3, which forbids renegotiation.
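One way to put the suggestion above into practice, as an added example that is not part of the thread, the OpenLDAP project, or the Symas packages: a small shell script that sets slapd's minimum TLS version to 1.3 in cn=config and then verifies from the outside that TLS 1.2 is refused and TLS 1.3 accepted. Assumptions: the server uses cn=config reachable over ldapi:/// with SASL EXTERNAL root access (the usual Symas/Debian layout), the slapd is linked against an OpenSSL that supports TLS 1.3, and OpenLDAP's major.minor notation applies, where 3.4 means TLS 1.3 (3.3 is TLS 1.2). The host name and the `apply`/`check` subcommand names are mine.

```shell
#!/bin/sh
# Added example: force TLS 1.3 as the minimum protocol on slapd, which removes
# renegotiation entirely because TLS 1.3 has no renegotiation mechanism.
# Caveat: any client that cannot speak TLS 1.3 will be refused afterwards.
set -eu

# LDIF that raises the minimum TLS version in cn=config.
# The slapd.conf equivalent is a single line:  TLSProtocolMin 3.4
slapd_tls13_ldif() {
    cat <<'EOF'
dn: cn=config
changetype: modify
replace: olcTLSProtocolMin
olcTLSProtocolMin: 3.4
EOF
}

# Apply the change over the local ldapi socket (assumes SASL EXTERNAL root access).
# The olcTLS* settings take effect for new connections without a restart.
apply_tls13() {
    slapd_tls13_ldif | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Check a live ldaps port: TLS 1.2 must be refused, TLS 1.3 must succeed.
# openssl s_client exits non-zero when the handshake fails.
check_tls_min() {
    host=$1
    port=${2:-636}
    if printf '' | openssl s_client -connect "$host:$port" -tls1_2 >/dev/null 2>&1; then
        echo "FAIL: $host:$port still accepts TLS 1.2 (renegotiation possible)"
        return 1
    fi
    if ! printf '' | openssl s_client -connect "$host:$port" -tls1_3 >/dev/null 2>&1; then
        echo "FAIL: $host:$port does not accept TLS 1.3"
        return 1
    fi
    echo "OK: $host:$port only accepts TLS 1.3, so no renegotiation is possible"
}

# Usage (hypothetical subcommands):  ./tls13.sh apply   |   ./tls13.sh check ldap.example.com 636
case "${1:-}" in
    apply) apply_tls13 ;;
    check) check_tls_min "${2:?host}" "${3:-636}" ;;
esac
```

Run `check` before `apply` to see the TLS 1.2 probe succeed, then again afterwards. The same `olcTLSProtocolMin` value also governs StartTLS on port 389, so a scanner that tests renegotiation there will see the same result.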