Is there anything in Broadcom's LDAP server to restrict the SSL/TLS protocol to TLSv1.2 or higher?
Article ID: 191414
Products
ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, LDAP SERVER FOR Z/OS, Top Secret - LDAP
Issue/Introduction
Is there a setting that restricts the SSL/TLS protocol to TLSv1.2 or higher, so that the less secure TLSv1 and TLSv1.1 are not used?
Environment
Release: 15.1
Component: CA LDAP Server for z/OS
Resolution
The LDAP server uses the TLSProtocolMin option, which specifies the minimum SSL/TLS protocol version that will be negotiated. When the server does not support at least this version, the SSL handshake fails.
Edit slapd.conf and set TLSProtocolMin to TLS1.2, so that handshakes offering only TLSv1 or TLSv1.1 are refused.
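One way to confirm the change took effect, as an added example that is not part of the Broadcom article or product: a Python check that offers the server one protocol version at a time and reports whether TLSv1 and TLSv1.1 are refused while TLSv1.2 still works. It assumes a TLS-on-connect (LDAPS) listener, and the host and port arguments are placeholders for your own server.

```python
import socket
import ssl

# Versions offered one per connection. With TLSProtocolMin set to TLS1.2,
# the first two should be refused by the server.
VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}
LEGACY = ("TLSv1", "TLSv1.1")


def probe(host, port, name, timeout=5.0):
    """Offer exactly one protocol version and classify the handshake result."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only protocol negotiation is tested here,
    ctx.verify_mode = ssl.CERT_NONE  # so certificate validation is switched off
    try:
        ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
        # Many OpenSSL builds only offer TLS 1.0/1.1 at security level 0.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return "client-unsupported"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "accepted"
    except ssl.SSLError:             # handshake refused (checked before OSError)
        return "rejected"
    except OSError:                  # refused connection, timeout, DNS failure
        return "unreachable"


def assess(results):
    """Turn per-version probe results into a verdict on the TLSProtocolMin change."""
    if results.get("TLSv1.2") != "accepted":
        return "INCONCLUSIVE: TLS 1.2 handshake did not succeed"
    still_on = [v for v in LEGACY if results.get(v) == "accepted"]
    if still_on:
        return "FAIL: server still negotiates " + ", ".join(still_on)
    if any(results.get(v) != "rejected" for v in LEGACY):
        return "INCONCLUSIVE: client could not offer every legacy version"
    return "PASS: TLS 1.0 and 1.1 refused, TLS 1.2 accepted"


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])  # placeholder: your LDAPS listener
    results = {name: probe(host, port, name) for name in VERSIONS}
    print(results)
    print(assess(results))
```

Run it from a host whose TLS library can still offer TLS 1.0 and 1.1; otherwise the refusal comes from the client rather than the server and proves nothing about slapd.conf.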
Additional Information
Please see the documentation for further instructions.