Symantec Directory: Turn off TLS 1.0 and 1.1 and use TLS 1.2

Article ID: 124572

Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Directory

Issue/Introduction

You need to turn off TLS 1.0 and 1.1 and use only TLS 1.2 on your CA LDAP directories. How do you do this?

Resolution

set ssl Command -- Configure SSL

  1. If the user store is a CA Directory DSA, you can follow the same logic as described in the link,
    i.e. protocol = tlsv12 <-- this needs to be set at the DSA level.
  2. On the IDM side, this would be set at the application server level. We don't make any configurations with SSL.
  3. Look at the DXHOME/config/servers/dsaname.dxi file for the user store and see what is being 'sourced' in for the SSL part.
    Once you know, go to the DXHOME/config/ssld folder and edit that .dxc file to have 'protocol=tlsv12', which ties the DSA down to accept ONLY TLS 1.2 connections and reject all others.
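
The check in step 3 can be scripted. The following is an added example, not Broadcom's own tooling: it follows the `source` lines in a DSA's .dxi file to the ssld .dxc file and reports whether `protocol` is pinned to `tlsv12`. It assumes `#` starts a comment, that files are sourced as `source "../ssld/<name>.dxc";` relative to the .dxi, and the helper names and sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed syntax: files are pulled in with  source "../ssld/<name>.dxc";
SOURCE_RE = re.compile(r'^\s*source\s+"([^"]+)"\s*;', re.IGNORECASE | re.MULTILINE)
# The page gives the setting as 'protocol = tlsv12' (spaces around '=' optional).
PROTOCOL_RE = re.compile(r'^\s*protocol\s*=\s*"?([\w.]+)', re.IGNORECASE | re.MULTILINE)

def _uncommented(path):
    """File text with '#' comments removed (assumed comment syntax)."""
    return re.sub(r'#.*', '', Path(path).read_text())

def audit_dsa_tls(dxi_path):
    """Map each ssld .dxc sourced by the .dxi to its protocol value (None if unset)."""
    dxi = Path(dxi_path)
    found = {}
    for rel in SOURCE_RE.findall(_uncommented(dxi)):
        target = (dxi.parent / rel).resolve()
        if target.parent.name != "ssld":
            continue  # schema, knowledge, limits etc. carry no TLS settings
        if not target.is_file():
            found[target.name] = None  # sourced file is missing
            continue
        match = PROTOCOL_RE.search(_uncommented(target))
        found[target.name] = match.group(1).lower() if match else None
    return found

def non_compliant(found):
    """Names of ssld files that do not pin the DSA to TLS 1.2."""
    return sorted(name for name, proto in found.items() if proto != "tlsv12")

def build_sample(dxhome, protocol_line):
    """Write a constructed DXHOME tree (sample data, not from a real install)."""
    servers = Path(dxhome, "config", "servers")
    ssld = Path(dxhome, "config", "ssld")
    servers.mkdir(parents=True)
    ssld.mkdir(parents=True)
    dxi = servers / "dsaname.dxi"
    dxi.write_text('source "../schema/default.dxg";\n# source "../ssld/old.dxc";\n'
                   'source "../ssld/default.dxc";\n')
    (ssld / "default.dxc").write_text(
        'set ssl = {\n  cert-dir = "config/ssld/personalities"\n'
        f'  {protocol_line}\n}};\n')
    return dxi

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # A commented-out setting counts as unset, so default.dxc is flagged.
        print(non_compliant(audit_dsa_tls(build_sample(tmp, "# protocol = tlsv12"))))
```

An empty list from `non_compliant` means every sourced ssld file sets `protocol` to `tlsv12`; a file check does not replace confirming from a client that the running DSA rejects TLS 1.0 and 1.1 handshakes.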