CA LDAP Scope of TLSProtocolMin configuration with multiple ports


Article ID: 206588


Products

CA ACF2, CA LDAP Server for z/OS

Issue/Introduction

With URLs defined for both ports, 389 and 636, if TLSProtocolMin is set, does it apply to connections to both ports, or will it still allow unsecured (unencrypted) connections to port 389 when the URLs are defined as follows:

hosturls ldap://xxx.yyy.zzz.201:389 ldaps://xxx.yyy.zzz.201:636  

 

 

Environment

Release : 15.1

Component : CA ACF2 for z/OS

Resolution

TLSProtocolMin applies to the hosturls ldap(s) specification, for example:

hosturls ldap://:389 ldaps://:6389

ldap is LDAP over TCP and ldaps is LDAP over SSL (TLS).

The TLS_PROTOCOL_MIN version specifies the minimum SSL/TLS protocol version that will be negotiated over that ldaps port (6389 in this example).
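To confirm the setting from a client, the following added example (not part of the original article or of the product) parses a hosturls line, selects the ldaps listeners, and reports which TLS versions each one completes a handshake with. The function names and the sample line are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
TLS_VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)

def parse_hosturls(line):
    """Split a hosturls directive into (scheme, host, port) listeners."""
    keyword, *urls = line.split()
    if keyword.lower() != "hosturls":
        raise ValueError("not a hosturls directive")
    listeners = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS:
            raise ValueError(f"malformed or unsupported URL: {url!r}")
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        listeners.append((parts.scheme, parts.hostname or "", port))
    return listeners

def tls_listeners(line):
    """Listeners that negotiate TLS, where the minimum version is enforced."""
    return [entry for entry in parse_hosturls(line) if entry[0] == "ldaps"]

def accepted_tls_versions(host, port, timeout=5.0):
    """Return the TLS versions with which the listener completes a handshake.
    A version the local OpenSSL build refuses to offer also shows as rejected."""
    accepted = []
    for version in TLS_VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # probing protocol versions only,
        ctx.verify_mode = ssl.CERT_NONE  # not authenticating the server
        ctx.minimum_version = version
        ctx.maximum_version = version
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock):
                    accepted.append(version.name)
        except (ssl.SSLError, OSError):
            pass  # handshake refused or connection failed
    return accepted

# Constructed sample line modelled on the article's hosturls example.
SAMPLE = "hosturls ldap://:389 ldaps://:6389"

if __name__ == "__main__":
    for scheme, host, port in tls_listeners(SAMPLE):
        print(port, accepted_tls_versions(host or "localhost", port))
```

Run it from a client whose OpenSSL build still offers the older protocol versions; otherwise a rejection may come from the client rather than from the server's minimum.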

Additional Information

For details on TLS_PROTOCOL_MIN, see CA LDAP Section: 'LDAP Client Configuration Options'.