]> git.sur5r.net Git - openldap/blobdiff - doc/man/man5/ldap.conf.5
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ITS#5655 TLS_PROTOCOL_MIN setting
[openldap] / doc / man / man5 / ldap.conf.5
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index 8f7fecda1c7cdfaa6aef9352e069e388fb7db7fd..b30fd76678d3d4bc41bed13e0b5b0facf9aa1e07 100644 (file)
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -407,6 +407,19 @@ is in the source code for Mozilla NSS in the file sslinfo.c in the structure
 .fi
 .RE
 .TP
+.B TLS_PROTOCOL_MIN <major>[.<minor>]
+Specifies minimum SSL protocol version that will be negoiated.
+If the server doesn't support at least that version,
+the SSL handshake will fail.
+To require TLS 1.x or higher, set this option to 3.(x+1),
+e.g.,
+.B TLS_PROTOCOL_MIN 3.2
+would require TLS 1.1.
+Specifying a minimum that is higher than that supported by the
+OpenLDAP implementation will result it in requiring the
+highest level that it does support.
+This parameter is currently ignored with GNUtls.
+.TP
 .B TLS_RANDFILE <filename>
 Specifies the file to obtain random bits from when /dev/[u]random is
 not available. Generally set to the name of the EGD/PRNGD socket.
Cloned from git://git.openldap.org/openldap.git