undocumented TLSProtocolMin
- To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: undocumented TLSProtocolMin
- From: Manuel Gaupp <mgaupp@googlemail.com>
- Date: Tue, 23 Jul 2013 13:11:37 +0200
Hi,
OpenLDAP seems to support an undocumented configuration parameter "TLSProtocolMin" when linked against OpenSSL. It allows setting the minimum SSL/TLS protocol version:
* TLSProtocolMin 768 # (3 << 8) disables SSLv2
* TLSProtocolMin 769 # ((3 << 8)+1) disables SSLv2 and SSLv3
As there's no documentation for TLSProtocolMin:
Is this feature ready for production or is it experimental?
Best regards,
Manuel
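
The following is an added example, not part of the original message or of OpenLDAP: a small audit helper that decodes the integer form of `TLSProtocolMin` shown above, `(major << 8) + minor`, and checks a configuration text against a required minimum. It goes beyond the two values in the post by also naming the standard TLS 1.1 and 1.2 version codes; the function names, the sample configuration, and the handling of `#` annotations and repeated directives are assumptions.

```python
import re

# Protocol versions encoded as in the post: (major << 8) + minor.
VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

# Only the integer form from the post is recognised here.
DIRECTIVE = re.compile(r"^\s*TLSProtocolMin\s+(\d+)\s*$", re.IGNORECASE)


def decode(value):
    """Split an integer TLSProtocolMin value into its meaning."""
    major, minor = value >> 8, value & 0xFF
    return {
        "value": value,
        "minimum": VERSIONS.get(value, f"unknown ({major}.{minor})"),
        # Every known protocol below the minimum is refused.
        "disabled": [n for v, n in sorted(VERSIONS.items()) if v < value],
    }


def audit(conf_text, required=769):
    """Check a slapd.conf-style text against a required minimum (default 769)."""
    values = []
    for line in conf_text.splitlines():
        # Assumption: drop trailing '#' annotations as written in the post.
        m = DIRECTIVE.match(line.split("#", 1)[0])
        if m:
            values.append(int(m.group(1)))
    if not values:
        # Directive absent: no minimum is enforced by this setting.
        return {"value": None, "minimum": None, "disabled": [], "compliant": False}
    result = decode(min(values))  # assumption: judge the weakest value found
    result["compliant"] = result["value"] >= required
    return result


# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
TLSCertificateFile /etc/ldap/server.crt
TLSProtocolMin 768 # (3 << 8) disables SSLv2
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
    print(decode(769))
```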