rlm_ldap: Limit accepted TLS versions on LDAPS
Alan DeKok
aland at deployingradius.com
Wed Dec 9 18:35:20 CET 2020
On Dec 9, 2020, at 12:24 PM, Michael Ströder via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> How about TLSv1.3?
It should work.
> You're using the integer constants from ldap.h which is fine up to
> TLSv1.2. But there's no such constant for TLSv1.3 in ldap.h.
Yeah. I suspect even if we added it, libldap would complain.
> But OpenLDAP server already supports TLSv1.3:
>
> openssl s_client -connect demo.ae-dir.com:636
>
> I've submitted ITS#9422 [1] and we will see what OpenLDAP devs say.
Thanks.
Alan DeKok.