rlm_ldap: cipher_list parameter support?
Arnaud LAURIOU
arnaud.lauriou at renater.fr
Mon Jan 30 13:32:29 UTC 2023
Hi,
With FR 3.2.1 on Ubuntu 20.04, I can't bind to an LDAP server using the old
TLS 1.0 version.
With these TLS section parameters in ldap.conf:
tls {
start_tls = no
ca_file = "/etc/freeradius/ca_cert_hosting/12126560.pem"
require_cert = demand
tls_min_version = "1.0"
cipher_list = "DEFAULT@SECLEVEL=1"
}
I have this in the debug log for this LDAP server:
# Loaded module rlm_ldap
...
tls {
ca_file = "/etc/freeradius/ca_cert_hosting/12126560.pem"
tls_min_version = "1.0"
start_tls = no
require_cert = "demand"
}
And the error when trying to bind:
TLS: can't connect: (unknown error code).
It seems that the 'cipher_list' parameter has disappeared in the debug log.
Is this parameter supported in ldap.conf?
If not, how can I bind to a TLS 1.0 LDAP server and check its certificate
('demand' or 'hard' option)?
Regards,
Arnaud
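The comparison the poster did by eye, configured tls {} block versus the block radiusd echoed back, can be scripted. The following is an added example, not code from the original post or from the FreeRADIUS project: it parses both blocks (the two texts are copied from the post), lists any parameter that was configured but not echoed and any parameter whose echoed value differs, and asks the local OpenSSL whether the configured cipher string is syntactically acceptable. The function names are hypothetical, the parser only understands the flat `name = value` form of this one block and not the full FreeRADIUS configuration grammar, and a parameter being absent from the echo is only a hint to check the rlm_ldap documentation for the version in use, not proof of why the bind fails.

```python
import re
import ssl

# Configured tls {} block, copied from the ldap.conf quoted in the post.
CONFIGURED_LDAP_CONF = '''
tls {
    start_tls = no
    ca_file = "/etc/freeradius/ca_cert_hosting/12126560.pem"
    require_cert = demand
    tls_min_version = "1.0"
    cipher_list = "DEFAULT@SECLEVEL=1"
}
'''

# tls {} block as echoed by the debug output quoted in the post.
DEBUG_LOG_TLS = '''
  tls {
    ca_file = "/etc/freeradius/ca_cert_hosting/12126560.pem"
    tls_min_version = "1.0"
    start_tls = no
    require_cert = "demand"
  }
'''

# name = value, with optional surrounding whitespace; value kept raw here.
_ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$')


def parse_tls_block(text):
    """Return {name: value} for the assignments inside the first tls { ... } block.

    '#' comments are dropped and quotes around values are stripped, so that
    require_cert = demand and require_cert = "demand" compare as equal.
    This is a deliberately small parser for this flat block only (assumption:
    no nested sections, one assignment per line).
    """
    params = {}
    inside = False
    for line in text.splitlines():
        line = line.split('#', 1)[0]
        stripped = line.strip()
        if not inside:
            if re.match(r'^tls\s*\{', stripped):
                inside = True
            continue
        if stripped.startswith('}'):
            break
        m = _ASSIGN.match(line)
        if m:
            name, value = m.groups()
            params[name] = value.strip('"')
    return params


def dropped_parameters(configured, effective):
    """Names present in the configured block but absent from the echoed block."""
    return sorted(set(configured) - set(effective))


def changed_parameters(configured, effective):
    """Names echoed back with a value different from the configured one."""
    return sorted(k for k in configured
                  if k in effective and configured[k] != effective[k])


def cipher_list_is_valid(cipher_list):
    """True if the local OpenSSL accepts cipher_list as a cipher string.

    Only checks syntax/selectability of the string itself; it says nothing
    about what the remote LDAP server will negotiate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError:
        return False
    return True


def audit(conf_text, debug_text):
    """Compare a configured tls {} block with the one echoed in the debug log."""
    conf = parse_tls_block(conf_text)
    eff = parse_tls_block(debug_text)
    report = {
        'dropped': dropped_parameters(conf, eff),
        'changed': changed_parameters(conf, eff),
    }
    if 'cipher_list' in conf:
        report['cipher_list_valid'] = cipher_list_is_valid(conf['cipher_list'])
    return report


if __name__ == '__main__':
    for key, value in audit(CONFIGURED_LDAP_CONF, DEBUG_LOG_TLS).items():
        print(f'{key}: {value}')
```

Run against the two blocks from the post, the script reports `cipher_list` as the only dropped parameter and no changed values, and confirms that `DEFAULT@SECLEVEL=1` is a cipher string the local OpenSSL accepts, so the string itself is not what to look at first. The same audit works for any other rlm_ldap tls {} parameter one suspects is being silently ignored.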