URL: https://github.com/freeipa/freeipa/pull/4138 Author: tiran Title: #4138: Explain the effect of OPT_X_TLS_PROTOCOL_MIN Action: opened

PR body: """ OpenLDAP 2.4 sets minimum version with SSL_CTX_set_options(). The system-wide crypto-policies for TLS minimum version are applied with SSL_CTX_set_min_proto_version(). The set_option() call cannot not enable lower versions than allowed by crypto-policy, e.g. openssl.cnf MinProtocol=TLS1.2 + OPT_X_TLS_PROTOCOL_MIN=TLS1.0 result in TLS 1.2 as minimum protocol version.

Signed-off-by: Christian Heimes cheimes@redhat.com """

To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4138/head:pr4138 git checkout pr4138