On 25/02/16 17:59, Ogg wrote:
> I also would be interested in the feature. It would also be interesting to
> deprecate TLS 1.0, TLS 1.1 and SSL any flavor.

You can actually prohibit the use of ancient versions of SSL/TLS. We have added a parameter to do that: ads-enabledProtocols. For instance:

dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: true
ads-transportaddress: localhost
ads-transportid: ldaps
ads-needClientAuth: false
ads-wantClientAuth: true
ads-enabledCiphers: AAA
ads-enabledCiphers: BBB
ads-enabledCiphers: CCC
ads-enabledCiphers: DDD
ads-enabledProtocols: TLSv1
ads-enabledProtocols: TLSv1.1
ads-enabledProtocols: TLSv1.2
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: top
ads-enabled: true

enables TLSv1, TLSv1.1 and TLSv1.2. You can just remove the first two parameters.
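
Added example, not part of the original message and not ApacheDS code: a small audit that reads transport entries exported as LDIF and reports SSL-enabled transports that still list legacy protocols in ads-enabledProtocols, or do not set it at all. The names LEGACY, parse_ldif and audit are hypothetical, the sample LDIF is constructed from the entry above, and the second entry in it is an invented hardened transport.

```python
# Added example: flag legacy SSL/TLS versions in ads-enabledProtocols (names are hypothetical).
LEGACY = {"sslv2hello", "sslv3", "tlsv1", "tlsv1.1"}  # JSSE protocol names, lower-cased
# Constructed sample: first entry mirrors the message above, second is an invented hardened one.
SAMPLE_LDIF = """\
dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-systemport: 10636
ads-transportenablessl: true
ads-enabledProtocols: TLSv1
ads-enabledProtocols: TLSv1.1
ads-enabledProtocols: TLSv1.2
objectclass: ads-transport

dn: ads-transportid=ldaps-hardened,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-transportenablessl: true
ads-enabledProtocols: TLSv1.2
objectclass: ads-transport
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    # LDIF folds long lines: a line starting with a single space continues the previous one.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def audit(text):
    """Return {dn: finding} for SSL-enabled transports with legacy or unset protocols."""
    findings = {}
    for e in parse_ldif(text):
        classes = [c.lower() for c in e.get("objectclass", [])]
        ssl_on = e.get("ads-transportenablessl", ["false"])[0].lower() == "true"
        if "ads-transport" not in classes or not ssl_on:
            continue
        protos = e.get("ads-enabledprotocols", [])
        legacy = [p for p in protos if p.lower() in LEGACY]
        if not protos:
            findings[e["dn"][0]] = "ads-enabledProtocols not set explicitly"
        elif legacy:
            findings[e["dn"][0]] = "legacy protocols enabled: " + ", ".join(legacy)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```
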
