How to set TLS 1.2 for LDAP connection

Thread starter: SashkaMor65
I need to force use of TLS 1.2 instead of TLS 1.0.
My production C++ code establishes a TLS 1.0 connection with the LDAP server by calling ldap_sslinit() followed by ldap_connect().
Tried to use ldap_set_option() to set LDAP_OPT_SSL_INFO in LDAP Session Options using a SecPkgContext_ConnectionInfo structure with dwProtocol set to SP_PROT_TLS1_2_CLIENT.
Called the function after ldap_sslinit() but before calling ldap_connect().
Unfortunately, it didn't go through, returning error 0x59 LDAP_PARAM_ERROR "A bad parameter was passed to a routine."

Currently when I call function ldap_get_option() to get LDAP_OPT_SSL_INFO for the existing TLS 1.0 connection, it returns this:
SecPkgContext_ConnectionInfo spcci;
spcci.dwProtocol = SP_PROT_TLS1_CLIENT;
spcci.aiCipher = CALG_AES_256;
spcci.dwCipherStrength = 256;
spcci.aiHash = CALG_SHA;
spcci.dwHashStrength = 160;
spcci.aiExch = 0x0000ae06;
spcci.dwExchStrength = 256;

Tried to set exactly the same values by calling ldap_set_option(). It failed with the same error 0x59.

Please help!
