[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: enforce TLS 1.2 in OpenLDAP server side

To: Dieter Klünter <dieter@dkluenter.de>, openldap-technical@openldap.org, Steve Zeng <steve.zeng@booking.com>
Subject: Re: enforce TLS 1.2 in OpenLDAP server side
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Sat, 10 Sep 2016 13:36:48 -0700
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.10.3 edge04e.zimbra.com E1A08534A1F
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1473539657; bh=GY98bT1HzWXUQreutOfud2bC7BBIlYFaDoBMD6/nlMw=; h=Date:From:To:Message-ID:MIME-Version; b=f1TWnrwKzoEDZVGcKO1SxG0gA5lyMzsXURNI/ObbBc2SZjO0ueebjpnjG0D2qINOZ B9Z+B2AZXMpGHeHs4LNrzcZSovq3pstJ6ndL24H9gs8MAP9EA4YUblUgcTR4XRTSRq sBPBj9gt0uAlHu93BjGky93Xf1Jqd1Josw+fG/og=
In-reply-to: <20160910095733.618c4bc2@pink.avci.de>
References: <4E5E9A63-EA95-484B-9AD4-D45B8EE5CB1D@booking.com> <20160910095733.618c4bc2@pink.avci.de>

--On Saturday, September 10, 2016 10:57 AM +0200 Dieter Klünter<dieter@dkluenter.de> wrote:

However, TLS1.0 still shows up in a lot of tcpdump packets:


Is this compiled with GnuTLS or OpenSSL?

Since it is ".el6" that would generally imply a RHEL build. That would inturn mean it is most likely compiled against the known insecure and brokenMozNSS libs. So neither GnuTLS or OpenSSL.


--Quanah

--

Quanah Gibson-Mount

Follow-Ups:
- Re: enforce TLS 1.2 in OpenLDAP server side
  - From: Steve Zeng <steve.zeng@booking.com>

References:
- enforce TLS 1.2 in OpenLDAP server side
  - From: Steve Zeng <steve.zeng@booking.com>
- Re: enforce TLS 1.2 in OpenLDAP server side
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: Re: enforce TLS 1.2 in OpenLDAP server side
Next by Date: Re: enforce TLS 1.2 in OpenLDAP server side
Index(es):
- Chronological
- Thread