--- a/components/openldap/patches/01-no-ssl3.patch Fri Aug 07 14:59:43 2015 -0700
+++ b/components/openldap/patches/01-no-ssl3.patch Fri Aug 07 16:20:13 2015 -0600
@@ -13,7 +13,7 @@
#DEREF never
+
+TLS_PROTOCOL_MIN 3.2
-+TLS_CIPHER_SUITE -ALL:+TLSv1.2:+TLSv1.1
++TLS_CIPHER_SUITE TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
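Review bot: The new cipher string, here and in the identical `TLSCipherSuite` line of the slapd.conf hunk, still offers three 3DES suites (`DHE-RSA-DES-CBC3-SHA`, `DHE-DSS-DES-CBC3-SHA`, `DES-CBC3-SHA`) and three static-RSA suites with no forward secrecy (`AES128-SHA`, `AES256-SHA`, `DES-CBC3-SHA`). If they are kept only so TLS 1.1 peers can still negotiate, record that in the patch description; otherwise drop the `DES-CBC3` entries. The protocol floor is also written two ways after this change: ldap.conf keeps `TLS_PROTOCOL_MIN 3.2` while slapd.conf moves to `TLSProtocolMin 770`. 770 is 0x0302, so both presumably mean TLS 1.1, but slapd.conf(5) documents the `major.minor` form, so confirm that this build's slapd accepts the bare integer instead of rejecting or ignoring it. A note in the patch description such as `# 770 = 0x0302 = TLS 1.1, same floor as TLS_PROTOCOL_MIN 3.2 in ldap.conf` would spare the next reader the arithmetic.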
--- openldap-2.4.30/servers/slapd/slapd.conf.old Mon Jun 1 16:47:47 2015
+++ openldap-2.4.30/servers/slapd/slapd.conf Mon Jun 1 16:47:59 2015
@@ -22,10 +22,12 @@
@@ -22,8 +22,8 @@
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
-+TLSProtocolMin 3.2
-+TLSCipherSuite -ALL:+TLSv1.2:+TLSv1.1
++TLSProtocolMin 770
++TLSCipherSuite TLSv1.2:!aNULL:!eNULL:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA
# Sample access control policy:
# Root DSE: allow anyone to read it