CA LDAP Scope of TLSProtocolMin configuration with multiple ports
Article ID: 206588
Updated On:
Products
ACF2
LDAP SERVER FOR Z/OS
Issue/Introduction
With urls defined for both ports, ports 389 and 636. If TLSProtocolMin is set, does it apply to connections to both ports, or will it still allow unsecured (unencrypted) connections to port 389 if the url's are defined as follows:
hosturls ldap://xxx.yyy.zzz.201:389 ldaps://xxx.yyy.zzz.201:636
Environment
Release : 15.1
Component : CA ACF2 for z/OS
Resolution
The TLSProtocolMin applies to the hosturls ldap(s) specification for example:
hosturls ldap://389 ldaps//:6389
ldap is LDAP over TCP and ldaps is LDAP over SSL (TLS).
TLS_PROTOCOL_MIN version specifies the minimum SSL/TLS protocol version that will be negotiated over that ldaps port(6389 in this example).
Additional Information
For details on TLS_PROTOCOL_MIN see CA LDAP Section: 'LDAP Client Configuration Options'.
Feedback
Yes
No
Powered by
