Many thanks, Ryan.
I'll schedule a maintenance window so that I can do some testing without
affecting users.
Regards
Philip
On Thu, 7 Feb 2019 at 17:09, Ryan Tandy wrote:
> On Thu, Feb 07, 2019 at 06:05:02PM +0100, Michael Ströder wrote:
> >You should rather set
> >
> >olcTLSProtocolMin:
On Thu, Feb 07, 2019 at 06:05:02PM +0100, Michael Ströder wrote:
> You should rather set
>
> olcTLSProtocolMin: 3.3
Unfortunately this option is currently implemented for OpenSSL only,
while Philip mentioned he is using GnuTLS.
On 2/7/19 5:50 PM, Philip Colmer wrote:
> I want to restrict the cipher suites used in OpenLDAP so that only
> TLS1.2 is supported.
>
> Looking at https://openldap.org/doc/admin24/tls.html, I first tried
> setting olcTLSCipherSuite to "HIGH" but the LDAP server gave an error 80
> and then stopped
I want to restrict the cipher suites used in OpenLDAP so that only TLS1.2
is supported.
Looking at https://openldap.org/doc/admin24/tls.html, I first tried setting
olcTLSCipherSuite to "HIGH" but the LDAP server gave an error 80 and then
stopped accepting further connections until I restarted it.