OpenLDAP May Ignore TLSCipherSuite Setting in Some Cases
Linux (Any), UNIX (Any)
A vulnerability was reported in OpenLDAP. The system may use a weaker cipher suite than specified.
When the Mozilla NSS backend is used, the OpenLDAP software ignores the TLSCipherSuite setting and instead uses the default cipher suite, which may contain some weak ciphers. The vulnerability resides in 'libraries/libldap/tls_m.c'.
The system may use weaker ciphers than specified in the configuration file.
The vendor has issued a source code fix, available at: Openldap.org
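To check whether a server honours its configured TLSCipherSuite, compare the suite actually negotiated with the set the configured string expands to. The Python sketch below is an added example, not code from the advisory or from the OpenLDAP project. It assumes a slapd.conf-style directive, a handshake summary in the format printed by `openssl s_client`, and that the local OpenSSL build expands the cipher string the way the server is meant to; the configuration and handshake text are constructed samples.

```python
import re
import ssl

# Constructed sample inputs (not taken from the advisory).
SAMPLE_SLAPD_CONF = """\
TLSCertificateFile /etc/openldap/certs/server.pem
TLSCipherSuite HIGH:!aNULL:!MD5:!RC4
"""
# Shaped like the session summary printed by `openssl s_client`.
WEAK_HANDSHAKE = """\
New, TLSv1/SSLv3, Cipher is RC4-MD5
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
"""
STRONG_HANDSHAKE = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
"""

def configured_cipher_spec(conf_text):
    """Return the TLSCipherSuite value from slapd.conf text, or None."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*TLSCipherSuite\s+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1)
    return None

def expand_spec(spec):
    """Expand an OpenSSL-style cipher string using the local OpenSSL build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)  # raises ssl.SSLError if nothing matches
    return {c["name"] for c in ctx.get_ciphers()}

def negotiated_cipher(s_client_output):
    """Pull the negotiated suite out of the SSL-Session block, or None."""
    m = re.search(r"^\s*Cipher\s*:\s*(\S+)", s_client_output, re.MULTILINE)
    return m.group(1) if m else None

def check(conf_text, s_client_output):
    """Return (verdict, cipher): 'ok', 'violation', or 'unknown'."""
    spec = configured_cipher_spec(conf_text)
    cipher = negotiated_cipher(s_client_output)
    if spec is None or cipher is None:
        return ("unknown", cipher)
    verdict = "ok" if cipher in expand_spec(spec) else "violation"
    return (verdict, cipher)
```

A "violation" verdict on a server built against the Mozilla NSS backend is the symptom this advisory describes: a suite was negotiated that the configured TLSCipherSuite excludes.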