rlm_ldap: Limit accepted TLS versions on LDAPS
Hello Freeradius Users, I'm using freeradius with the rlm_ldap module to request users from a OpenLDAP server using the LDAPS protocol. Is there any best practice how to limit the accepted TLS versions to 1.2 and 1.3 on the LDAPS connection? SSL and TLS <= 1.1 should be denied. I found a "tls_min_version" option for the rlm_eap module, but not for rlm_ldap. Are there other possibilities than stripping down the used libssl? Thank you in advance and best regards, Robert Hentsch-Jesse ....................................................................................... PHOENIX CONTACT Cyber Security GmbH Richard-Willstätter-Straße 6, 12489 Berlin, Germany Register Court: AG Charlottenburg, HR B 202908 Geschäftsführer/General Manager: Kilian Golm
On 07.12.20 14:38, Robert Hentsch-Jesse wrote:
I'm using freeradius with the rlm_ldap module to request users from a OpenLDAP server using the LDAPS protocol. Is there any best practice how to limit the accepted TLS versions to 1.2 and 1.3 on the LDAPS connection? SSL and TLS <= 1.1 should be denied. I found a "tls_min_version" option for the rlm_eap module, but not for rlm_ldap. Are there other possibilities than stripping down the used libssl?
libssl for can also be configured via /etc/ssl/openssl.cnf. You can us it to limit the acceptable chiphers and TLS versions and many other configuration settings. Grüße, Sven.
participants (2)
-
Robert Hentsch-Jesse -
Sven Hartge