From dcf97caf117469ff08bcf3903d3ae050dd23b055 Mon Sep 17 00:00:00 2001 From: Philip Guenther Date: Mon, 29 Jul 2013 06:38:27 -0700 Subject: [PATCH] ITS#5655 TLS_PROTOCOL_MIN setting --- doc/man/man5/ldap.conf.5 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 index 8f7fecda1c..b30fd76678 100644 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 @@ -407,6 +407,19 @@ is in the source code for Mozilla NSS in the file sslinfo.c in the structure .fi .RE .TP +.B TLS_PROTOCOL_MIN [.] +Specifies minimum SSL protocol version that will be negoiated. +If the server doesn't support at least that version, +the SSL handshake will fail. +To require TLS 1.x or higher, set this option to 3.(x+1), +e.g., +.B TLS_PROTOCOL_MIN 3.2 +would require TLS 1.1. +Specifying a minimum that is higher than that supported by the +OpenLDAP implementation will result it in requiring the +highest level that it does support. +This parameter is currently ignored with GNUtls. +.TP .B TLS_RANDFILE Specifies the file to obtain random bits from when /dev/[u]random is not available. Generally set to the name of the EGD/PRNGD socket. -- 2.39.5