On 2021/06/26 12:51, C. G. wrote: > I think it's a LIbreSSL-related issue, because I did the same exact > config procedure on Ubuntu, CentOS, FreeBSD, OmniOS, and it worked, > and on the only OS that uses LibreSSL, it doesn't work.
What can I say; I am running OpenLDAP 2.4.58 slapd on OpenBSD 6.9 and it works for me with TLSv1.3 connections, so there clearly is a way to do it. > It's untolerable that the "most secure OS on the planet" isn't able to > use encrypted connections with TLS 1.3 in Apache and OpenLDAP during a > full release, I mean, that's not serious. LibreSSL just breaks things, > to my POV. Don't tolerate then; you are free to either debug the issue or use another OS if OpenBSD doesn't suit you. Nobody is forcing you to use it. Apache httpd will not support TLSv1.3 itself with the current version of libressl. Hopefully that will change soon but if that is a show stopper and you don't want an alternative (e.g. offload the TLS to a reverse proxy) then OpenBSD isn't suitable for you at this time.