Hello, Thank you very much for the tip. I was definitively not looking in that direction. I have managed to configure opensssl so that lower ssl works (until our legacy app is updated). What I did is to add at the top of /etc/ssl/openssl.cnf
openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] # MinProtocol = TLSv1.2 MinProtocol = TLSv1 CipherString = DEFAULT@SECLEVEL=1 I’m not sure if it not a bit too ocmplex but it works. Thanks again for your help. f.g. > Le 23 févr. 2022 à 18:10, Quanah Gibson-Mount <[email protected]> a écrit : > > > > --On Wednesday, February 23, 2022 6:07 PM +0100 Frédéric Goudal > <[email protected]> wrote: > >> It works, I show you : >> >> against 2.4.0 openldap server >> >> nmap --script ssl-enum-ciphers -p 636 <oldldap> >> >> So… it still does not work. What can I do ? > > It would appear the provider of the OpenSSL libraries disabled anything less > than TLSv1.2. > > --Quanah > > — Frédéric Goudal Ingénieur Système, DSI Bordeaux-INP +33 556 84 23 11
