--On Tuesday, April 13, 2021 7:56 PM +0000 "CLARKE, ED C" <[email protected]>
wrote:
Hi Ed,
In the future, please do not attach images to your email.
I am having trouble disabling TLS 1.0 on my OpenLDAP and enabling TLS 1.2
& 1.3; below are the scan results:
• Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
• "Consult the application's documentation to disable SSL 2.0 and 3.0.
• Use TLS 1.2 (with approved cipher suites) or higher instead."
• "Ports found: 389
• TLSv1 is enabled and the server supports at least one cipher."
• Info for my LDAP
• $ rpm -qa | grep ldap
• openldap-clients-2.4.44-21.el7_6.s390x
• sssd-ldap-1.16.2-13.el7_6.12.s390x
• openldap-2.4.44-21.el7_6.s390x
• openldap-servers-2.4.44-21.el7_6.s390x
OpenLDAP in RHEL7 is linked to OpenSSL 1.0.2, which does not have
support for TLS 1.3. So the latest version you can access with your build
is TLS 1.2.
I suggest reading the slapd.conf(5) or slapd-config(5) man page, which
clearly documents how to set a minimum TLS protocol for the slapd server.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
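
The minimum-protocol setting that the reply points to in slapd-config(5), written out as an added example (not part of the original message). It assumes a cn=config deployment with a TLS certificate and key already configured; the file name in the comment is a placeholder.

```ldif
# Added example, not from the original thread.
# Apply with, for instance:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f tls-min.ldif   (placeholder file name)
#
# The value is the wire protocol version <major>[.<minor>]:
#   3.1 = TLS 1.0   (what the scan flagged)
#   3.2 = TLS 1.1
#   3.3 = TLS 1.2   (highest available with an OpenSSL 1.0.2 build)
#
# slapd.conf(5) equivalent, placed in the global section, followed by a
# slapd restart:
#   TLSProtocolMin 3.3
dn: cn=config
changetype: modify
replace: olcTLSProtocolMin
olcTLSProtocolMin: 3.3
```

After the change, a rescan of port 389 should show the TLS 1.0 handshake being refused while TLS 1.2 still negotiates.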