CA LDAP port identified as vulnerable

Document ID : KB000074948
Last Modified Date : 28/03/2018
Question:
A vulnerability test was recently performed, and the port used for CA LDAP was identified as vulnerable because it uses an early version of TLS. Is there a way to force CA LDAP to use the latest version?
Answer:
To configure LDAP for TLS 1.2, use the SLAPD parameter:

TLSProtocolMin tls1.2
 
Whatever level you enter in SLAPD will be used. If you want SSL3 to be used, specify:
 
TLSProtocolMin ssl3
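
To confirm the setting before the next scan, the SLAPD configuration can be audited for its TLSProtocolMin value. The following is an added example, not CA code: it assumes '#' starts a comment, that the parameter name is case-insensitive, and that levels other than the two shown above follow the same ssl/tls naming.

```python
import re

# Value forms taken from this page: "tls1.2" and "ssl3". Other levels are
# parsed by the same pattern (assumption: they follow the same naming).
_LEVEL = re.compile(r"^(ssl|tls)(\d+)(?:\.(\d+))?$", re.IGNORECASE)
REQUIRED = "tls1.2"

def level_rank(value):
    """Return a sortable tuple for a protocol level, or None if unparsable."""
    m = _LEVEL.match(value.strip())
    if not m:
        return None
    family = 0 if m.group(1).lower() == "ssl" else 1  # any SSL sorts below TLS
    return (family, int(m.group(2)), int(m.group(3) or 0))

def audit_slapd_config(text, required=REQUIRED):
    """Return (ok, findings) for the TLSProtocolMin lines in a SLAPD config."""
    findings, seen = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        parts = line.split()
        if not parts or parts[0].lower() != "tlsprotocolmin":
            continue
        value = parts[1] if len(parts) > 1 else ""
        rank = level_rank(value)
        seen.append(rank)
        if rank is None:
            findings.append(f"line {lineno}: unrecognised level {value!r}")
        elif rank < level_rank(required):
            findings.append(f"line {lineno}: {value} is below {required}")
    if not seen:
        # A missing or commented-out parameter is reported as a finding.
        findings.append("TLSProtocolMin is not set")
    return (not findings, findings)

# Constructed sample configurations (not taken from a real server).
GOOD = "# TLS settings\nTLSProtocolMin tls1.2\n"
WEAK = "TLSProtocolMin ssl3   # legacy clients\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_slapd_config(cfg))
```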