Hide Forgot
$ rpm -qa | grep openldap openldap-servers-2.4.40-9.el7_2.x86_64 openldap-2.4.40-9.el7_2.x86_64 openldap-clients-2.4.40-9.el7_2.x86_64 Documentation link: https://access.redhat.com/articles/1474813 Setting olcTLSProtocolMin: 3.1 does only enable TLSv1.0 or above. The documentation states: olcTLSProtocolMin: 3.2 - TVSv1.1 or better When using the following: dn: cn=config changetype: modify replace: olcTLSCipherSuite olcTLSCipherSuite: ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!EDH:!EXP:!SSLV2:!eNULL - replace: olcTLSProtocolMin olcTLSProtocolMin: 3.2 A scan of port 636 shows: SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered TLS 1.1 offered TLS 1.2 offered (OK)
This issue should be resolved with next release (openldap-2.4.40-12.el7) by resolving bug 1249093.
Hi, It doesn't look like I have permission to view that bug for reference. Can I please be added to the CC to read it?
(In reply to Steven Haigh from comment #3) > Hi, > > It doesn't look like I have permission to view that bug for reference. Can I > please be added to the CC to read it? Hi Steven, I am sorry but I am not sure if I can do that. However, the fix there rewrites the olcTLSProtocolMin (aka TLS_PROTOCOL_MIN) portion of code so that this option works correctly for all settings of SSL2, SSL3 and TLSv1.x.