+++ This bug was initially created as a clone of Bug #1435689 +++

Description of problem:
OpenLDAP cannot make use of the new TLSv1.3 protocol implemented in NSS.

Version-Release number of selected component (if applicable):
openldap-2.4.44-7.fc25.x86_64

How reproducible:
always

Steps to Reproduce:
1. Set TLS_PROTOCOL_MIN, or its equivalent, to 3.4.
2. Try to establish secure connection using ldap* tools and/or to a slapd server.

Actual results:
TLS protocol error, no ciphers to be negotiated, establishing TLS layer fails while dropping the connection.

Expected results:
TLSv1.3 ciphers are proposed, TLS layer is successfully established.
http://pkgs.fedoraproject.org/cgit/rpms/openldap.git/commit/?h=f26&id=8ba6f5c9b7ecdd2dbc3751516ea0471c4a8fc7e3
openldap-2.4.44-9.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-73ef9020a4
For the following commit's description see bug 1435689 comment 4:
http://pkgs.fedoraproject.org/cgit/rpms/openldap.git/commit/?id=af30ccf247c0814d1902d2f3ebd87b4f8f806efc

There's a related bug 1437989 that aims to introduce an analogous behaviour for the minimal TLS protocol version configuration option.
openldap-2.4.44-10.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-73ef9020a4
openldap-2.4.44-10.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-73ef9020a4
openldap-2.4.44-10.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.