How to configure OpenLDAP on Debian Stretch to support SSLv3.0

[Jeremy Davis <jeremy@turnkeylinux.org>]

Hi all,

I'm writing on behalf of a user ragrading how to go about configuring
LDAPS support for SSLv3.0 certificate under OpenLDAP v2.4.44 - running
on Debian 9/Stretch (default Debian 'slapd' package install).

I know that SSLv3.0 is insecure and generally a bad option, but a user
needs to connect to LDAPS with an old application that only supports
SSLv3.0.

I understand that a complicating factor may be that the Debian OpenLDAP
(slapd) package is compiled against GnuTLS, rather than OpenSSL.

Any insight that might head me in the right direction would be greatly
appreciated.

Also please note that I'm a bit of an OpenLDAP newb and my knowledge of
SSL/TLS is more related to web servers/browsers and more about "best
practices" rather than tweaking to be more permissive.

Regards,
Jeremy Davis
TurnKey Linux

Attachment: signature.asc
Description: OpenPGP digital signature