rlm_ldap: Limit accepted TLS versions on LDAPS

Robert Hentsch-Jesse rhentsch-jesse at phoenixcontact.com
Mon Dec 7 14:38:29 CET 2020


Hello Freeradius Users,

I'm using FreeRADIUS with the rlm_ldap module to request users from an OpenLDAP server using the LDAPS protocol.
Is there any best practice for limiting the accepted TLS versions to 1.2 and 1.3 on the LDAPS connection? SSL and TLS <= 1.1 should be denied.
I found a "tls_min_version" option for the rlm_eap module, but not for rlm_ldap.
Are there other possibilities than stripping down the used libssl?

Thank you in advance and best regards,

Robert Hentsch-Jesse

