Daniel Pfeilsticker
Reputation: 3
sssd (2.0.0, CentOS 8) with old tls 1.0 only ldap
I can't connect sssd (2.0.0, CentOS 8) with old tls 1.0 only ldap (MacOS X 10.6 server).
Working, so this should be possible:
openssl s_client -connect snow.cologne.intradesys.com:ldaps -tls1
In /etc/openldap/ldap.conf i have the option to set TLS_PROTOCOL_MIN 3.1 (= TLS 1.0)
But looking at:
man sssd-ldap
i have a lot of ldap_tls_... parameters, but non to downgrade to TLS 1.0
So i get /var/log/sssd/sssd_default.log:
/var/log/sssd/sssd_default.log[sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed: [Connect error] [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]
Upvotes: 0
Views: 2834
Answers (1)
Martin Simovic
Reputation: 36
Just found another and more appropriate solution with the same effect.
update-crypto-policies --set LEGACY
systemctl restart sssd
Job done.
Upvotes: 2
Related Questions
- sssd Error: Could not start TLS encryption. (unknown error code)
- Migrate SOAP/REST client from TLS 1.0 to TLS 1.2
- How do i disable SSL V3/TLS 1.0 for OpenLDAP or how do i disable TLS 1.0 support on ldap port 636?
- How to tell Python's ldap3 module to TLS version 1.2 explicitly?
- Java 7 with TLSv1.2 connect to LDAPS handshake failure
- UnboundID: how to configure multiple TLS protocols for LDAP over SSL connection?
- org.apache.karaf.jaas.modules.ldap Unable to setup SSL support for LDAP
- Enable usage of TLS 1.2 in soapUI Pro
- SSSD Authentication with Samba 4
- Unable to turn on SecureSocketLayer with DirectoryServices.Protocols.LdapConnection