Customer wants to disable the SSL protocol and enable TLSv1.1/TLSv1.2 for the Policy Server connection to the LDAP Policy Store/User Store. Does the Policy Server support TLSv1.1/TLSv1.2 for LDAP connectivity with the Policy Store/User Store?
What determines which SSL/TLS protocols the Policy Server supports for its LDAP connections?
The Policy Server uses the Mozilla LDAP SDK to communicate with LDAP directories (Policy Store, User Store, etc.).
These libraries are deployed under the Policy Server lib folder, the main one being the Network Security Services base library: nss3.dll (Windows) / libnssutil3.so (Unix).
So support for the different security protocols (SSL, TLS 1.0/1.1/1.2, etc.) depends primarily on whether the bundled NSS library supports them or not.
Support for TLS v1.1 (RFC 4346) is available from NSS 3.14.
Support for TLS v1.2 (RFC 5246) is available from NSS 3.15.1.
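The practical check that follows from the two thresholds above is: read the NSS version actually bundled with the Policy Server, map it to the TLS versions that library can offer, and then confirm against the directory that the desired protocol really negotiates. The script below is an added example written for this article, not code from CA/Broadcom or from NSS. It hard-codes the 3.14 and 3.15.1 thresholds stated above; the library path and the host/port are assumptions the reader fills in. The version probe relies on NSS exporting `NSS_GetVersion()`, which current NSS builds do, and falls back gracefully if the library cannot be loaded.

```python
"""Check which TLS versions a bundled NSS library can offer, and probe an LDAPS
endpoint for a specific TLS version. Added example; thresholds come from the
article (TLS 1.1 from NSS 3.14, TLS 1.2 from NSS 3.15.1)."""
import ctypes
import re
import socket
import ssl

# Minimum NSS version for each TLS version, as stated in the article.
NSS_MIN_FOR_TLS = {
    "TLSv1.1": (3, 14, 0),
    "TLSv1.2": (3, 15, 1),
}


def parse_nss_version(text):
    """Extract an (major, minor, patch) tuple from strings such as
    'NSS 3.15.1 Basic ECC' or '3.14'. Missing patch level is treated as 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no NSS version found in %r" % text)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def supported_tls_versions(nss_version):
    """Return the TLS versions the bundled NSS can offer, per the article's
    thresholds. Input may be a 2- or 3-component tuple."""
    v = tuple(nss_version) + (0,) * (3 - len(nss_version))
    return sorted(tls for tls, minimum in NSS_MIN_FOR_TLS.items() if v >= minimum)


def nss_version_from_library(path):
    """Load the NSS shared library from the Policy Server lib folder and ask it
    for its version. Returns None if the library cannot be loaded or does not
    export NSS_GetVersion (assumption: the bundled build exports it)."""
    try:
        lib = ctypes.CDLL(path)
        lib.NSS_GetVersion.restype = ctypes.c_char_p
        return parse_nss_version(lib.NSS_GetVersion().decode("ascii"))
    except (OSError, AttributeError, ValueError):
        return None


def probe_ldaps_tls(host, port, tls_version, cafile=None, timeout=5.0):
    """Attempt a handshake that allows exactly one TLS version and return the
    negotiated protocol name, or None if the server (or local OpenSSL) refuses
    it. Certificate verification stays on; pass the directory's CA via cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = tls_version
    ctx.maximum_version = tls_version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


if __name__ == "__main__":
    # Constructed sample: a version string as NSS_GetVersion() would return it.
    for sample in ("3.13.6", "NSS 3.14.3 Basic ECC", "3.15.1"):
        print(sample, "->", supported_tls_versions(parse_nss_version(sample)))
    # Assumed path; replace with the Policy Server lib folder on your host.
    ver = nss_version_from_library("/opt/CA/siteminder/lib/libnss3.so")
    print("bundled NSS:", ver, supported_tls_versions(ver) if ver else "n/a")
    # Assumed directory endpoint; replace with the real Policy/User Store.
    print("TLS 1.2 to directory:",
          probe_ldaps_tls("ldap.example.com", 636, ssl.TLSVersion.TLSv1_2))
```

Run it on the Policy Server host so the library probe sees the bundled NSS rather than the OS copy. A result of `None` from `probe_ldaps_tls` for TLSv1.1 on a modern machine usually reflects the local OpenSSL refusing the old protocol rather than the directory, so interpret that row with the OpenSSL security level in mind.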
Does the Policy Server support the TLSv1.2 protocol for LDAP connectivity with the Policy Store/User Store?
As seen above, this depends on the version of the NSS libraries shipped. Now let's look at the NSS library versions shipped with the different Policy Server versions.