rlm_ldap: Limit accepted TLS versions on LDAPS

Alan DeKok aland at deployingradius.com
Wed Dec 9 18:35:20 CET 2020

On Dec 9, 2020, at 12:24 PM, Michael Ströder via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> How about TLSv1.3?

  It should work.

> You're using the integer constants from ldap.h which is fine up to
> TLSv1.2. But there's no such constant for TLSv1.3 in ldap.h.

  Yeah.  I suspect even if we added it, libldap would complain.

> But OpenLDAP server already supports TLSv1.3:
> openssl s_client -connect demo.ae-dir.com:636
> I've submitted ITS#9422 [1] and we will see what OpenLDAP devs say.


  Alan DeKok.

More information about the Freeradius-Users mailing list