rlm_ldap: Limit accepted TLS versions on LDAPS

Sven Hartge sven at svenhartge.de
Mon Dec 7 14:48:51 CET 2020


On 07.12.20 14:38, Robert Hentsch-Jesse wrote:

> I'm using freeradius with the rlm_ldap module to request users from an OpenLDAP server using the LDAPS protocol.
> Is there any best practice for limiting the accepted TLS versions to 1.2 and 1.3 on the LDAPS connection? SSL and TLS <= 1.1 should be denied.
> I found a "tls_min_version" option for the rlm_eap module, but not for rlm_ldap.
> Are there other possibilities than stripping down the used libssl?

libssl can also be configured via /etc/ssl/openssl.cnf.

You can use it to limit the acceptable ciphers and TLS versions and 
many other configuration settings.

Grüße,
Sven.
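
As an added example (not part of the thread above, and not FreeRADIUS or OpenLDAP project configuration), here is a minimal /etc/ssl/openssl.cnf of the kind Sven refers to. It applies a host-wide floor of TLS 1.2 to every process that links OpenSSL 1.1.1 or later, which includes radiusd and, where libldap is built against OpenSSL, the rlm_ldap connections. Assumptions: OpenSSL >= 1.1.1 (older releases ignore the system_default section), and the section names other than the top-level openssl_conf key are arbitrary and chosen here to match the usual distribution layout.

```ini
# Added example, not from the original thread: minimal /etc/ssl/openssl.cnf
# that forbids SSLv3, TLS 1.0 and TLS 1.1 for every OpenSSL-linked process.
# Assumes OpenSSL >= 1.1.1. Section names below "openssl_conf" are arbitrary.

# This key has to sit in the unnamed default section at the top of the file.
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
# Everything in "system_default" is applied to each SSL_CTX as it is created,
# so no application-side option such as tls_min_version is needed.
system_default = system_default_sect

[system_default_sect]
# Weak/default setting would be no MinProtocol at all (TLS 1.0 still offered).
# With TLSv1.2 as the floor and no MaxProtocol, only TLS 1.2 and 1.3 remain.
MinProtocol = TLSv1.2
# Optional: security level 2 also drops RC4, 3DES and suites below 112 bits.
# Use plain "DEFAULT" if an old LDAP server only offers such suites.
CipherString = DEFAULT@SECLEVEL=2
```

Two checks before relying on this. First, confirm that libldap on the RADIUS host actually uses OpenSSL (ldd on the libldap shared object): Debian and Ubuntu build OpenLDAP against GnuTLS, and openssl.cnf has no effect there. For that case, or as a belt-and-braces setting that works with either backend, ldap.conf(5) offers TLS_PROTOCOL_MIN, and "TLS_PROTOCOL_MIN 3.3" (TLS 1.2) in the client ldap.conf (typically /etc/ldap/ldap.conf or /etc/openldap/ldap.conf, depending on the distribution) is honoured by every libldap client, rlm_ldap included. Second, remember that openssl.cnf is global: the same floor applies to radiusd's EAP listener and to every other OpenSSL program on the machine, so test the change against a staging host. The server side can be probed with "openssl s_client -connect ldap.example.com:636 -tls1_1", which should fail to complete the handshake once TLS 1.1 is denied there.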

