Is there anything in LDAP to restrict the ssl protocol to TLSv1.2 or higher?

Article ID: 191414


Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, LDAP SERVER FOR Z/OS, PAM CLIENT FOR LINUX ON MAINFRAME, WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Is there anything to restrict the SSL protocol to TLSv1.2 or higher, so we don't use the less secure v1 or v1.1?

Environment

Release : 15.1

Component : CA LDAP Server for z/OS

Resolution

LDAP uses TLSProtocolMin, which specifies the minimum SSL/TLS protocol version that will be negotiated. When the server does not support at least this version, the SSL handshake fails.

Change slapd.conf to set TLSProtocolMin to TLS1.2.
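A quick way to audit a slapd.conf for this setting after the change. This is an added example, not code from the product or its documentation; the function name, the sample file contents, the value spellings other than `TLS1.2`, and the case-insensitive directive match are assumptions.

```python
import re

# Assumption: values are spelled like the article's "TLS1.2" (optionally "TLSv1.2").
VERSION_RE = re.compile(r"^TLSv?(\d+)\.(\d+)$", re.IGNORECASE)


def audit_tls_protocol_min(conf_text, required=(1, 2)):
    """Return a list of findings; an empty list means the setting is acceptable."""
    findings = []
    seen = 0
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        # Skip blank lines and comment lines.
        if not tokens or tokens[0].startswith("#"):
            continue
        # Assumption: directive names are matched case-insensitively.
        if tokens[0].lower() != "tlsprotocolmin":
            continue
        seen += 1
        value = tokens[1] if len(tokens) > 1 else ""
        match = VERSION_RE.match(value)
        if not match:
            findings.append(f"line {lineno}: unrecognized value {value!r}")
        elif (int(match.group(1)), int(match.group(2))) < required:
            findings.append(
                f"line {lineno}: {value} is below TLS{required[0]}.{required[1]}")
    if seen == 0:
        findings.append("TLSProtocolMin is not set")
    return findings


# Constructed sample configurations (not taken from a real server).
WEAK_CONF = """\
# constructed example
TLSProtocolMin TLS1.0
"""
FIXED_CONF = """\
# constructed example
TLSProtocolMin TLS1.2
"""
MISSING_CONF = "# constructed example: no TLS settings\n"

if __name__ == "__main__":
    for name, conf in [("weak", WEAK_CONF), ("fixed", FIXED_CONF),
                       ("missing", MISSING_CONF)]:
        print(name, audit_tls_protocol_min(conf) or "OK")
```

Every occurrence of the directive is checked, so a second, weaker line elsewhere in the file is reported rather than silently ignored.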


Additional Information

Please see the documentation for further instructions.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-system-z-security-communication-servers-dsi-ldap-pam/15-1/configuring/configure-the-ca-ldap-server/customize-the-slapd-configuration-file.html