[email protected] wrote:
> Full_Name: Nancy Mo
> Version: openldap-clients-2.4.44-15.el7_5.x86_64
> OS: Redhat 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (106.38.0.87)
>
>
> Hi team,
>
> Linux server is redhat7, and installed Openssl-1.1.1 which supports
> TLS1.3.
> I tried to connect to an LDAP server which uses TLS1.3; the openldap client
> connection failed. If the server setting is changed to TLS 1.2, it can connect
> successfully.
> By the way, using openssl s_client -connect HOSTNAME.com:636, it will use
> TLS 1.3 and connect successfully.
> In the ldap.conf, I have set two parameters:
>
> TLS_CACERTDIR /etc/openldap/certs
> TLS_REQCERT never
>
> Why can the openldap client not use TLS1.3?

RedHat builds their OpenLDAP packages with MozillaNSS, not OpenSSL.

--
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
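
An added example (not part of the original thread and not OpenLDAP's own code): a shell function that reports which TLS library a libldap binary lists among its direct dependencies, which is the fact the reply above turns on. It reads `readelf -d` output on stdin; the library path in the usage comment and both sample dependency lists are constructed assumptions.

```shell
#!/bin/sh
# Usage (path is an assumption; adjust to where your distribution installs libldap):
#   readelf -d /usr/lib64/libldap-2.4.so.2 | ldap_tls_backend

# Classify the TLS library named in a dynamic section dump read from stdin.
# NSS ships its TLS code as libssl3.so; OpenSSL ships it as libssl.so.<ver>.
ldap_tls_backend() {
    backend=""
    while IFS= read -r line; do
        case "$line" in
            *libssl3.so*|*libnss3.so*) found="MozNSS" ;;
            *libssl.so*)               found="OpenSSL" ;;
            *libgnutls.so*)            found="GnuTLS" ;;
            *) continue ;;
        esac
        # Record each backend once, in the order first seen.
        case " $backend " in
            *" $found "*) ;;
            *) backend="${backend:+$backend }$found" ;;
        esac
    done
    echo "${backend:-unknown}"
}

# Constructed sample: dependency list shaped like an NSS-linked libldap.
sample_nss_build() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)  Shared library: [liblber-2.4.so.2]
 0x0000000000000001 (NEEDED)  Shared library: [libsasl2.so.3]
 0x0000000000000001 (NEEDED)  Shared library: [libssl3.so]
 0x0000000000000001 (NEEDED)  Shared library: [libnss3.so]
EOF
}

# Constructed sample: dependency list shaped like an OpenSSL-linked libldap.
sample_openssl_build() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)  Shared library: [liblber-2.4.so.2]
 0x0000000000000001 (NEEDED)  Shared library: [libssl.so.1.1]
 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.1]
EOF
}
```

Feeding it `ldd` output also works, but `ldd` lists transitive dependencies, so a TLS library pulled in by another dependency can show up alongside the one libldap itself uses.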
