mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#7645, #5655 TLSProtocolMin docs

Browse Source
This commit is contained in:
Howard Chu 2013-07-29 06:50:18 -07:00
parent 0f4b5bdd88
commit fbeee4d27f
3 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/man/man5/ldap.conf.5
View File

@ -413,7 +413,11 @@ If the server doesn't support at least that version,
the SSL handshake will fail.
To require TLS 1.x or higher, set this option to 3.(x+1),
e.g.,
.B TLS_PROTOCOL_MIN 3.2
.nf
TLS_PROTOCOL_MIN 3.2
.fi
would require TLS 1.1.
Specifying a minimum that is higher than that supported by the
OpenLDAP implementation will result in it requiring the

17
doc/man/man5/slapd-config.5
View File

@ -928,6 +928,23 @@ from the default, otherwise no certificate exchanges or verification will
be done. When using GnuTLS or Mozilla NSS these parameters are always generated randomly
so this directive is ignored.
.TP
.B olcTLSProtocolMin: <major>[.<minor>]
Specifies minimum SSL/TLS protocol version that will be negotiated.
If the server doesn't support at least that version,
the SSL handshake will fail.
To require TLS 1.x or higher, set this option to 3.(x+1),
e.g.,
.nf
olcTLSProtocolMin: 3.2
.fi
would require TLS 1.1.
Specifying a minimum that is higher than that supported by the
OpenLDAP implementation will result in it requiring the
highest level that it does support.
This directive is ignored with GnuTLS.
.TP
.B olcTLSRandFile: <filename>
Specifies the file to obtain random bits from when /dev/[u]random
is not available. Generally set to the name of the EGD/PRNGD socket.

17
doc/man/man5/slapd.conf.5
View File

@ -1159,6 +1159,23 @@ from the default, otherwise no certificate exchanges or verification will
be done. When using GnuTLS these parameters are always generated randomly so
this directive is ignored. This directive is ignored when using Mozilla NSS.
.TP
.B TLSProtocolMin <major>[.<minor>]
Specifies minimum SSL/TLS protocol version that will be negotiated.
If the server doesn't support at least that version,
the SSL handshake will fail.
To require TLS 1.x or higher, set this option to 3.(x+1),
e.g.,
.nf
TLSProtocolMin 3.2
.fi
would require TLS 1.1.
Specifying a minimum that is higher than that supported by the
OpenLDAP implementation will result in it requiring the
highest level that it does support.
This directive is ignored with GnuTLS.
.TP
.B TLSRandFile <filename>
Specifies the file to obtain random bits from when /dev/[u]random
is not available. Generally set to the name of the EGD/PRNGD socket.