TLS requirements for LDAP servers¶
This document describes the requirements for the SSL/TLS configuration of LDAP servers connected to Feide
TLS protocol version¶
Feide requires LDAP servers to support TLS version 1.2.
TLS versions 1.0 and 1.1 are supported by Feide, but support for these versions is deprecated and will be removed in the future.
Note: On Windows Server 2008 R2, TLS version 1.2 must be enabled. See Protocols in TLS/SSL (Schannel SSP) for details.
SSL version 3.0 and older is not supported by Feide.
TLS cipher suites¶
Feide requires LDAP servers to support at least one of the following cipher suites:
The following cipher suites are supported by Feide, but are deprecated and will be removed in the future:
Feide requires LDAP servers to be configured with a certificate issued from a public certificate provider.
The Mozilla CA-bundle can be used as a reference for the list of supported root certificates in Feide.