Hmm, not too sure why that is. The version in Debian (and also Ubuntu) definitely doesn't include that patch:
| $ chdist apt-get xenial source slapd | Reading package lists... Done | Picking 'openldap' as source package instead of 'slapd' | NOTICE: 'openldap' packaging is maintained in the 'Git' version control system at: | git://anonscm.debian.org/pkg-openldap/openldap.git | Please use: | git clone git://anonscm.debian.org/pkg-openldap/openldap.git | Need to get 4993 kB of source archives. | Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (dsc) [3040 B] | Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (tar) [4813 kB] | Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (diff) [177 kB] | Fetched 4993 kB in 14s (343 kB/s) | $ grep DH_BITS ./libraries/libldap/tls_g.c | #define DH_BITS (1024) | gnutls_dh_params_generate2(ctx->dh_params, DH_BITS); Via online source viewer also confirms this: https://anonscm.debian.org/git/pkg-openldap/openldap.git/tree/libraries/libldap/tls_g.c#n47 https://anonscm.debian.org/git/pkg-openldap/openldap.git/tree/libraries/libldap/tls_g.c#n294 ** Changed in: openldap (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1656979 Title: No support for DHE ciphers (TLS) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1656979/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs