9 Dec
2020
9 Dec
'20
10:48 a.m.
On 12/9/20 3:36 PM, Alan DeKok wrote:
And the libldap API doesn't provide a way to say "require TLS 1.2"
How about using LDAP_OPT_X_TLS_PROTOCOL_MIN described in ldap_set_option(3)? This is a single integer but I can't find how to calculate it from TLS major.minor version. I suspect it's the 16-bit integer value (2 bytes for major.minor) used at lower TLS protocol level. AFAICS TLSv1.2 would be 0x0303 [1]. Better ask on openldap-technical mailing list to get an authorative answer though. Ciao, Michael. [1] https://tools.ietf.org/html/rfc8446#section-4.1.2