Hello Quanah,

Thank you for the information, & I am not sure what images were attached, sorry 
about that.

Thanks,
Ed

-----Original Message-----
From: Quanah Gibson-Mount <[email protected]> 
Sent: Tuesday, April 13, 2021 2:13 PM
To: CLARKE, ED C <[email protected]>; [email protected]
Subject: Re: Enable support for TLS 1.2 and 1.3, and disable support for TLS 
1.0.



--On Tuesday, April 13, 2021 7:56 PM +0000 "CLARKE, ED C" <[email protected]>
wrote:

>  [Image: ""]

Hi Ed,

In the future, please do not attach images to your email.

> I am having trouble disabling TLS1.0 on my OpenLdap and enabling TLS 
> 1.2 & 1.3, below are the scan results:
>
>
>   • Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
>   • "Consult the application's documentation to disable SSL 2.0 and 3.0.
>   • Use TLS 1.2 (with approved cipher suites) or higher instead."
>   • "Ports found: 389
>   • TLSv1 is enabled and the server supports at least one cipher."
>
>
>   • Info for my LDAP
>
>
>     • $ rpm -qa | grep ldap
>     • openldap-clients-2.4.44-21.el7_6.s390x
>     • sssd-ldap-1.16.2-13.el7_6.12.s390x
>     • openldap-2.4.44-21.el7_6.s390x
>     • openldap-servers-2.4.44-21.el7_6.s390x

OpenLDAP in RHEL7 is linked to OpenSSL 1.0.2, which does not have support 
for TLS 1.3.  So the latest version you can access with your build is TLS 1.2.

I suggest reading the slapd.conf(5) or slapd-config(5) man page, which clearly 
documents how to set a minimum TLS protocol for the slapd server.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<https://urldefense.com/v3/__http://www.symas.com__;!!BhdT!2Ay6kjyFewXlyTrX2vt0-UqmSaH0El4vfmsD0Ey5mYHnroMo57jUdjFQpNLKrg$
 >
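
An added example, not part of the original thread: the directive the man pages referred to above document is `TLSProtocolMin` (`olcTLSProtocolMin` under cn=config), where 3.3 means TLS 1.2. The shell sketch below audits a config file for it; the function names, the last-occurrence-wins handling and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a slapd config for its minimum TLS protocol version.
# slapd encodes versions as <major>.<minor>:
#   3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2

# Print the configured minimum (last occurrence, an assumption), or nothing.
slapd_tls_min() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) == "tlsprotocolmin" ||
        tolower($1) == "olctlsprotocolmin:" { v = $2 }
        END { if (v != "") print v }
    ' "$1"
}

# Return 0 when the file enforces TLS 1.2 (3.3) or higher, 1 otherwise.
tls12_enforced() {
    v=$(slapd_tls_min "$1")
    case $v in ''|*[!0-9.]*) return 1 ;; esac   # unset or malformed
    major=${v%%.*}
    case $v in *.*) minor=${v#*.} ;; *) minor=0 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 3 ]; }
}

# Constructed sample configs (paths inside them are placeholders).
make_samples() {
    printf '%s\n' \
        'TLSCertificateFile /etc/openldap/certs/server.crt' \
        'TLSCertificateKeyFile /etc/openldap/certs/server.key' \
        '# TLSProtocolMin 3.3' > "$1/weak.conf"      # no minimum set
    printf '%s\n' \
        'TLSCertificateFile /etc/openldap/certs/server.crt' \
        'TLSCertificateKeyFile /etc/openldap/certs/server.key' \
        'TLSProtocolMin 3.3' > "$1/fixed.conf"       # TLS 1.2 minimum
}

dir=$(mktemp -d)
make_samples "$dir"
for f in "$dir/weak.conf" "$dir/fixed.conf"; do
    if tls12_enforced "$f"; then
        echo "$f: TLS 1.2 or higher enforced"
    else
        echo "$f: TLS 1.0/1.1 still negotiable"
    fi
done
rm -rf "$dir"
```

After changing the setting and restarting slapd, rescanning port 389 confirms whether TLSv1 is still accepted.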
